CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46373
https://notcve.org/view.php?id=CVE-2024-46373
18 Sep 2024 — Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. • https://github.com/gaorenyusi/gaorenyusi/blob/main/CVE-2024-46373.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45798 – Multiple Poisoned Pipeline Execution (PPE) vulnerabilities
https://notcve.org/view.php?id=CVE-2024-45798
17 Sep 2024 — Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). • https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-40866 – webkitgtk: Visiting a malicious website may lead to address bar spoofing
https://notcve.org/view.php?id=CVE-2024-40866
16 Sep 2024 — If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. • https://support.apple.com/en-us/121238 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7104 – Remote Code Execution in SFS Consulting's ww.Winsure
https://notcve.org/view.php?id=CVE-2024-7104
16 Sep 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2. • https://www.usom.gov.tr/bildirim/tr-24-1475 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8880 – playSMS Template index.php code injection
https://notcve.org/view.php?id=CVE-2024-8880
16 Sep 2024 — The manipulation of the argument username/email/captcha leads to code injection. ... Mittels dem Manipulieren des Arguments username/email/captcha mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://vuldb.com/?ctiid.277524 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-44623
https://notcve.org/view.php?id=CVE-2024-44623
16 Sep 2024 — An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. • https://github.com/merbinr/CVE-2024-44623 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2024-8864 – composiohq composio calculator.py Calculator code injection
https://notcve.org/view.php?id=CVE-2024-8864
15 Sep 2024 — The manipulation leads to code injection. ... Durch Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://rumbling-slice-eb0.notion.site/Composio-s-Local-tools-Mathematical-has-a-code-injection-risk-in-composiohq-composio-ea0e89ee10fe4edfb9a8cfeed158c765? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8271 – FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-8271
13 Sep 2024 — The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode in the 'woocs_get_custom_price_html' function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/tags/1.4.2.1/classes/woocs.php#L4604 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45109 – Photoshop Desktop | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-45109
13 Sep 2024 — Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb24-72.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43756 – Photoshop Desktop | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2024-43756
13 Sep 2024 — Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb24-72.html • CWE-122: Heap-based Buffer Overflow •