CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0CVE-2023-50810
https://notcve.org/view.php?id=CVE-2023-50810
In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. • https://www.sonos.com/en-us/security-advisory-2024-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-43168 – Unbound: heap-buffer-overflow in unbound
https://notcve.org/view.php?id=CVE-2024-43168
This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. ... This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2024-43168 https://bugzilla.redhat.com/show_bug.cgi?id=2303462 https://github.com/NLnetLabs/unbound/issues/1039 https://github.com/NLnetLabs/unbound/pull/1040/files • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-3958 – Improper Control of Generation of Code ('Code Injection') in GitLab
https://notcve.org/view.php?id=CVE-2024-3958
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 17.0.6, 17.1 anterior a 17.1.4 y 17.2 anterior a 17.2.2. Se encontró un problema que permite a alguien abusar de una discrepancia entre la visualización de la aplicación web y la interfaz de línea de comando de git para realizar ingeniería social a las víctimas para clonar código no confiable. • https://gitlab.com/gitlab-org/gitlab/-/issues/456988 https://hackerone.com/reports/2437784 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-40487
https://notcve.org/view.php?id=CVE-2024-40487
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Stored%20XSS.pdf https://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-37382
https://notcve.org/view.php?id=CVE-2024-37382
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration. • https://www.abinitio.com/en/security-advisories/ab-2024-003 • CWE-94: Improper Control of Generation of Code ('Code Injection') •