CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39378 – Audition | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-39378
10 Sep 2024 — Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/audition/apsb24-54.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39384 – Premiere Pro | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-39384
10 Sep 2024 — Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/premiere_pro/apsb24-58.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43760 – Photoshop Desktop | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-43760
10 Sep 2024 — Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb24-72.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39381 – After Effects | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-39381
10 Sep 2024 — After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/after_effects/apsb24-55.html • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37288
https://notcve.org/view.php?id=CVE-2024-37288
09 Sep 2024 — A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. • https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8268 – Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call
https://notcve.org/view.php?id=CVE-2024-8268
09 Sep 2024 — The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4. • https://plugins.trac.wordpress.org/browser/frontend-dashboard/tags/2.2.4/route/class-fed-request.php#L29 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44410
https://notcve.org/view.php?id=CVE-2024-44410
09 Sep 2024 — D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. • https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44410 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44411
https://notcve.org/view.php?id=CVE-2024-44411
09 Sep 2024 — D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. • https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44411 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44724
https://notcve.org/view.php?id=CVE-2024-44724
09 Sep 2024 — AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. • https://github.com/Hebing123/cve/issues/68 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8478 – Affiliate Super Assistent <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-8478
09 Sep 2024 — The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/amazonsimpleadmin/trunk/AsaCore.php#L285 • CWE-94: Improper Control of Generation of Code ('Code Injection') •