CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50804
https://notcve.org/view.php?id=CVE-2024-50804
Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder • https://g3tsyst3m.github.io/cve/msi/Arbitrary-Write-Privilege-Escalation-CVE-2024-50804 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-44757
https://notcve.org/view.php?id=CVE-2024-44757
An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request. • https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44757.md https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-filedown-Basics.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-43091 – Gnome-maps: gnome maps is vulnerable to a code injection attack (similar to xss) via its service.json
https://notcve.org/view.php?id=CVE-2023-43091
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. • https://bugzilla.redhat.com/show_bug.cgi?id=2239091 https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11259 – code-projects Farmacia fornecedores.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11259
A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/13u11erFly/cve/blob/main/xss.md https://vuldb.com/?ctiid.284717 https://vuldb.com/?id.284717 https://vuldb.com/?submit.443398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11247 – SourceCodester Online Eyewear Shop Inventory Page Master.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11247
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. • https://github.com/Fl4g-Pshacker/cve/blob/main/xss.md https://vuldb.com/?ctiid.284683 https://vuldb.com/?id.284683 https://vuldb.com/?submit.443194 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •