CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-38993
https://notcve.org/view.php?id=CVE-2024-38993
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Se descubrió que rjrodger jsonic-next v2.12.1 contenía un prototipo de contaminación a través de la función vacía. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario o provocar una denegación de servicio (DoS) mediante la inyección de propiedades arbitrarias. • https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-39002
https://notcve.org/view.php?id=CVE-2024-39002
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39236
https://notcve.org/view.php?id=CVE-2024-39236
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. • https://github.com/Aaron911/PoC/blob/main/Gradio.md https://github.com/advisories/GHSA-9v2f-6vcg-3hgv https://github.com/gradio-app/gradio/issues/8853 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39017
https://notcve.org/view.php?id=CVE-2024-39017
agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Se descubrió que Accordjs Shared v0.0.1 contenía un prototipo de contaminación a través de la función mergeInternalComponents. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario o provocar una denegación de servicio (DoS) mediante la inyección de propiedades arbitrarias. • https://gist.github.com/mestrtee/039e3e337642e6bb7f36aeddfde41b8b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25943
https://notcve.org/view.php?id=CVE-2024-25943
A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. iDRAC9, versiones anteriores a 7.00.00.172 para la 14.ª generación y 7.10.50.00 para las 15.ª y 16.ª generación, contiene una vulnerabilidad de secuestro de sesión en IPMI. • https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability • CWE-330: Use of Insufficiently Random Values •