CVE-2024-51367

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file...

CVE-2024-29292

Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 = v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters...

CVE-2024-10913

The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain i...

CVE-2024-11495 Buffer overflow in OllyDbg

Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking...

CVE-2024-11495

CVE-2024-11495 describes a buffer overflow in OllyDbg 1.10 caused by lack of proper bounds checking, enabling a local attacker to execute arbitrary code. Multiple sources (NVD, CVE record) confirm a local-exploit scenario with high impact, consistent with a serverless/hosted debugger context. The...

SUSE CVE-2024-53086

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Drop VM dma-resv lock on xesyncinfenceget failure in exec IOCTL Upon failure all locks need to be dropped before returning to the user. cherry picked from commit 7d1a4258e602ffdce529f56686925034c1b3b095...

CVE-2024-52770

An arbitrary file upload vulnerability in the component /admin/filemanagecontrol of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-52725

SemCms v4.8 has a SQL injection in SEMCMS_SeoAndTag.php via the ldgid parameter, enabling arbitrary code execution. Root cause: SQLi in the affected component. Impact (per sources): potential code execution with high confidentiality impact; CVSS v3.1 base score 4.9 (MEDIUM). Exploitation details ...

CVE-2024-52769

An arbitrary file upload vulnerability in the component /admin/friendlinkedit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-52769

CVE-2024-52769 affects DedeBIZ v6.3.0 with an arbitrary file upload vulnerability in the /admin/friendlink_edit endpoint (also referenced as /admin/friendlink edit). Exploitation allows attackers to execute arbitrary code via a crafted file. The NVD entry cites CVSSv3.1: AV:N/AC:L/PR:H/UI:N/S:U/C...

CVE-2024-52769

An arbitrary file upload vulnerability in the component /admin/friendlinkedit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-52770

An arbitrary file upload vulnerability in the component /admin/filemanagecontrol of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-48991

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter instead of the system's real Python interpreter. The initial security fix 6ce6136...

CVE-2024-48990

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

CVE-2024-48991

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter instead of the system's real Python interpreter. The initial security fix 6ce6136...

CVE-2024-48991

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter instead of the system's real Python interpreter. The initial security fix 6ce6136...

CVE-2024-48990

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable...

CVE-2024-33231

Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component...

CVE-2024-51053

An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-22067

ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...