CVE-2024-48744
https://notcve.org/view.php?id=CVE-2024-48744
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed-teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via the "searchinput" POST request parameter. • https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Teachers%20Record/Reflected%20XSS.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-46213
https://notcve.org/view.php?id=CVE-2024-46213
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. • https://github.com/Purposex7/Vulns4Study/blob/main/REDAXO%20Cronjobs%20%20AddOns%20RCE.md •
CVE-2024-9965
https://notcve.org/view.php?id=CVE-2024-9965
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html https://issues.chromium.org/issues/352651673 •
CVE-2024-21259 – Oracle VirtualBox TPM Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21259
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the virtual TPM device. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-863: Incorrect Authorization •
CVE-2024-45274 – MB connect line/Helmholz: Remote code execution via confnet service
https://notcve.org/view.php?id=CVE-2024-45274
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. • https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066 • CWE-306: Missing Authentication for Critical Function •