CVE-2024-8255 – Path Traversal in Ocean Data Systems Dream Report
https://notcve.org/view.php?id=CVE-2024-8255
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTN Soft. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-242-02 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-41367
https://notcve.org/view.php?id=CVE-2024-41367
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2397 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-44777 – vTiger CRM 7.4.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-44777
A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. vTiger CRM version 7.4.0 suffers from multiple reflective cross site scripting vulnerabilities. • http://vtiger.com https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-41364
https://notcve.org/view.php?id=CVE-2024-41364
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2400 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-44778 – vTiger CRM 7.4.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-44778
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. vTiger CRM version 7.4.0 suffers from multiple reflective cross site scripting vulnerabilities. • http://vtiger.com https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •