CVE-2024-9985 Ragic Enterprise Cloud Database - Arbitrary File Upload

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server...

Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow

Detect vulnerabilities First, Use dnslog to detect whether CV...

CVE-2024-48781

The CVE-2024-48781 entry concerns Wanxing Technology Yitu Project Management Kirin Edition 2.3.6. A remote attacker can trigger arbitrary code execution by supplying a specially crafted file to /opt/EdrawProj-2/plugins/imageformat. The issue is described consistently across multiple sources (NVD/...

VulnCheck KEV: CVE-2021-4443

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compilersave AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

Malicious code in splunk-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f3b4cb45a7c61ff4ef92918dc5438c1ae4845121a1c99903638fb56ffdbe8014 The OpenSSF Package Analysis project identified 'splunk-docs' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...

Adobe Animate Memory Misreference Vulnerability (CNVD-2024-41261)

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a memory misreference vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

CVE-2024-4131

A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges...

CVE-2024-4130

A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges...

CVE-2024-4089

A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges...

CVE-2024-33581

A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges...

CVE-2024-33578

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges...

CVE-2024-33582

CVE-2024-33582 describes a DLL hijack vulnerability in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. The available connected documents reiterate a local, privilege-escalation scenario but do not provide concrete exploitation details, affected...

CVE-2024-33581

CVE-2024-33581 describes a DLL hijack in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. The vulnerability is local, with low attack complexity and no user interaction required, and results in high impact to confidentiality, in...

CVE-2024-33580

CVE-2024-33580 describes a DLL hijack vulnerability in Lenovo Personal Cloud that could let a local attacker execute code with elevated privileges. Affected product: Lenovo Personal Cloud. Affected component: DLL loading path exploitation ( DLL hijack ). Root cause: DLL hijack leading to remote/l...

CVE-2024-33578

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges...

CVE-2024-33578

Technical details for CVE-2024-33578 are not publicly available in the provided documents. Monitor for updates as new information becomes available.

CVE-2024-9046

CVE-2024-9046 concerns Lenovo stARstudio with a DLL hijack that enables a local attacker to execute code with elevated privileges. Affected component: Lenovo stARstudio (DLL loading path likely). Root cause: DLL hijack vulnerability leading to privilege escalation. Impact: local code execution wi...

CVE-2024-4131

A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges...

CVE-2024-4130

CVE-2024-4130 corresponds to a DLL hijack vulnerability in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. The connected documents consistently describe a local-privilege-escalation impact via a DLL hijack in Lenovo App Store, but do not furnish concre...

CVE-2024-4089

A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges...