CVSS: 8.4EPSS: %CPEs: -EXPL: 1CVE-2024-35333
https://notcve.org/view.php?id=CVE-2024-35333
An attacker can exploit this vulnerability by providing a specially crafted input to the vulnerable function, causing a buffer overflow and potentially leading to arbitrary code execution, denial of service, or data corruption. • https://github.com/momo1239/CVE-2024-35333 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35226 – PHP Code Injection by malicious attribute in extends-tag in Smarty
https://notcve.org/view.php?id=CVE-2024-35226
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. • https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-35581
https://notcve.org/view.php?id=CVE-2024-35581
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field. Una vulnerabilidad de Cross-site scripting (XSS) en Sourcecodester Laboratory Management System v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrario a través de un payload manipulado inyectado en el campo de entrada Nombre del prestatario. • https://github.com/r04i7/CVE/blob/main/CVE-2024-35581.md https://owasp.org/www-community/attacks/xss https://portswigger.net/web-security/cross-site-scripting/stored • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23601
https://notcve.org/view.php?id=CVE-2024-23601
A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. • https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003ycL2AQ/sa00039 https://talosintelligence.com/vulnerability_reports/TALOS-2024-1943 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1943 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-35953
https://notcve.org/view.php?id=CVE-2023-35953
An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing comments within the geometric vertices section within an OFF file. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784 • CWE-121: Stack-based Buffer Overflow •