CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45271 – MB connect line/Helmholz: Remote code execution due to improper input validation
https://notcve.org/view.php?id=CVE-2024-45271
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. Un atacante local no autenticado puede obtener privilegios de administrador al implementar un archivo de configuración debido a una validación de entrada incorrecta. • https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-47943 – Improper signature verification of firmware upgrade files
https://notcve.org/view.php?id=CVE-2024-47943
This allows crafting malicious "signed" .patch files in order to compromise the device and execute arbitrary code. • https://r.sec-consult.com/rittaliot https://www.rittal.com/de-de/products/deep/3124300 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-9985 – Ragic Enterprise Cloud Database - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9985
Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. • https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html https://www.twcert.org.tw/tw/cp-132-8152-09e81-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-21535
https://notcve.org/view.php?id=CVE-2024-21535
An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown. • https://github.com/quantizor/markdown-to-jsx/commit/8eb74da825c0d8d2e9508d73c672bcae36ba555a https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49287 – WordPress PDF-Rechnungsverwaltung plugin <= 0.0.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-49287
This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/pdf-rechnungsverwaltung/wordpress-pdf-rechnungsverwaltung-plugin-0-0-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •