
CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Sep 2024 — A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Sep 2024 — A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Sep 2024 — A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Sep 2024 — The manipulation of the argument data leads to code injection. ... Manipulating the argument data with unknown data allows a code injection vulnerability to be exploited. • https://github.com/gaorenyusi/gaorenyusi/blob/main/lmx.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 22 • EXPL: 0

06 Sep 2024 — Multiple vulnerabilities have been discovered in Spidermonkey, the worst of which could lead to arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1895737 • CWE-416: Use After Free •

CVSS: 10.0 • EPSS: 71% • CPEs: 1 • EXPL: 1

04 Sep 2024 — Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. • https://github.com/Avento/CVE-2024-45507_Behinder_Webshell • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

04 Sep 2024 — The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions. WordPress Bit File Manager plugin versions 6.0 through 6.5.5 suffer from a remote code execution vulnerability via a rac... • https://packetstorm.news/files/id/189176 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Sep 2024 — @blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or don't use the display name feature. • https://github.com/blakeembrey/js-template/commit/b8d9aa999e464816c6cfb14acd1ad0f5d1e335aa • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

03 Sep 2024 — Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms • https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

03 Sep 2024 — Multiple vulnerabilities have been discovered in Spidermonkey, the worst of which could lead to arbitrary code execution. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1907230%2C1909367 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •