CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39017
https://notcve.org/view.php?id=CVE-2024-39017
agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Se descubrió que Accordjs Shared v0.0.1 contenía un prototipo de contaminación a través de la función mergeInternalComponents. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario o provocar una denegación de servicio (DoS) mediante la inyección de propiedades arbitrarias. • https://gist.github.com/mestrtee/039e3e337642e6bb7f36aeddfde41b8b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25943
https://notcve.org/view.php?id=CVE-2024-25943
A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. iDRAC9, versiones anteriores a 7.00.00.172 para la 14.ª generación y 7.10.50.00 para las 15.ª y 16.ª generación, contiene una vulnerabilidad de secuestro de sesión en IPMI. • https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability • CWE-330: Use of Insufficiently Random Values •
CVSS: 2.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3995 – Command Injection in Helix ALM
https://notcve.org/view.php?id=CVE-2024-3995
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. En las versiones de Helix ALM anteriores a la 2024.2.0, se identificó una inyección de comando local. Reportado por Bryan Riggins. • https://portal.perforce.com/s/detail/a91PA000001SU5pYAG • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2022-27540
https://notcve.org/view.php?id=CVE-2022-27540
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37420 – WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37420
Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server.This issue affects Zita Elementor Site Library: from n/a through 1.6.1. La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WPZita Zita Elementor Site Library permite cargar un Web Shell a un servidor web. Este problema afecta a Zita Elementor Site Library: desde n/a hasta 1.6.1. The Zita Elementor Site Library plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the import functions found in inc/admin-ajax.php in all versions up to, and including, 1.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload malicious files that can be used for remote code execution. • https://patchstack.com/database/vulnerability/zita-site-library/wordpress-zita-elementor-site-library-plugin-1-6-1-arbitrary-code-execution-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •