CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44335
https://notcve.org/view.php?id=CVE-2024-44335
D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp. • https://gist.github.com/Swind1er/029fb2a9dab916f926fab40cc059223f https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-24510
https://notcve.org/view.php?id=CVE-2024-24510
Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component. • https://book.hacktricks.xyz/pentesting-web/xs-search/css-injection https://github.com/Alinto/sogo/commit/21468700718ed71774eaf2979ee59330fc569424 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-44849
https://notcve.org/view.php?id=CVE-2024-44849
Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. • https://github.com/extencil/CVE-2024-44849 https://blog.extencil.me/information-security/cves/cve-2024-44849 https://github.com/extencil/CVE-2024-44849?tab=readme-ov-file • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42024
https://notcve.org/view.php?id=CVE-2024-42024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. • https://www.veeam.com/kb4649 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 9.8EPSS: 96%CPEs: 1EXPL: 3CVE-2024-40711 – Veeam Backup and Replication Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-40711
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution. • https://github.com/watchtowrlabs/CVE-2024-40711?tab=readme-ov-file https://github.com/watchtowrlabs/CVE-2024-40711 https://github.com/realstatus/CVE-2024-40711-Exp https://www.veeam.com/kb4649 • CWE-502: Deserialization of Untrusted Data •