
CVE-2024-37779
https://notcve.org/view.php?id=CVE-2024-37779
23 Sep 2024 — WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. • https://www.woodwing.com • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-46639
https://notcve.org/view.php?id=CVE-2024-46639
23 Sep 2024 — A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields message box. • https://github.com/0xashfaq/-HelpDeskZ-v2.0.2---Stored-Cross-Site-Scripting-XSS- • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-47219
https://notcve.org/view.php?id=CVE-2024-47219
21 Sep 2024 — An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection. • https://github.com/vesoft-inc/nebula/pull/5936 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-46640
https://notcve.org/view.php?id=CVE-2024-46640
20 Sep 2024 — SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method. • https://gitee.com/zheng_botong/CVE-2024-46640 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-46103
https://notcve.org/view.php?id=CVE-2024-46103
20 Sep 2024 — SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. • https://github.com/N0zoM1z0/MY-CVE/blob/main/CVE-2024-46103.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-9006 – jeanmarc77 123solar config_invt1.php code injection
https://notcve.org/view.php?id=CVE-2024-9006
19 Sep 2024 — The manipulation of the argument PASSOx leads to code injection. ... By manipulating the argument PASSOx with unknown data, a code injection vulnerability can be exploited. • https://github.com/jeanmarc77/123solar/commit/f4a8c748ec436e5a79f91ccb6a6f73752b336aa5 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-40125
https://notcve.org/view.php?id=CVE-2024-40125
19 Sep 2024 — An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. • https://github.com/brendontkl/My-CVEs/tree/main/CVE-2024-40125 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-45858
https://notcve.org/view.php?id=CVE-2024-45858
18 Sep 2024 — An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. • https://hiddenlayer.com/sai-security-advisory/2024-09-guardrails • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2024-46559
https://notcve.org/view.php?id=CVE-2024-46559
18 Sep 2024 — Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#acee48e159494c479aecc1bfa87f0d83 •

CVE-2024-35515
https://notcve.org/view.php?id=CVE-2024-35515
18 Sep 2024 — Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. • https://github.com/piskvorky/sqlitedict • CWE-94: Improper Control of Generation of Code ('Code Injection') •