CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-41333 – Tourism Management System 2.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-41333
A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter. • https://packetstormsecurity.com/files/179891/Tourism-Management-System-2.0-Cross-Site-Scripting.html https://www.linkedin.com/in/sampath-kumar-kadajari-4b18891a7 •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38876
https://notcve.org/view.php?id=CVE-2024-38876
The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges. • https://cert-portal.siemens.com/productcert/html/ssa-857368.html • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.6EPSS: 1%CPEs: 1EXPL: 0CVE-2024-36268 – Apache InLong TubeMQ Client: Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-36268
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. • https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39392 – Adobe Indesign 2024 EPS File Parsing Heap Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39392
InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb24-48.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41956 – Soft Serve allows arbitrary code execution by crafting git-lfs requests
https://notcve.org/view.php?id=CVE-2024-41956
Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. • https://github.com/charmbracelet/soft-serve/commit/4daebdd422a6ba8c04162d023f8be355a8fe3184 https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-m445-w3xr-vp2f • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •