CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48235
https://notcve.org/view.php?id=CVE-2024-48235
25 Oct 2024 — An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. • https://gitee.com/oufu/ofcms/issues/IASIES • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48236
https://notcve.org/view.php?id=CVE-2024-48236
25 Oct 2024 — An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file • https://gitee.com/oufu/ofcms/issues/IASIBT • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48343
https://notcve.org/view.php?id=CVE-2024-48343
25 Oct 2024 — A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary code via the id parameter of the dataSearch.jsp page. • code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48448
https://notcve.org/view.php?id=CVE-2024-48448
25 Oct 2024 — An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page. • https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-48448 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48450
https://notcve.org/view.php?id=CVE-2024-48450
25 Oct 2024 — An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group. • https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-48450 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48654
https://notcve.org/view.php?id=CVE-2024-48654
25 Oct 2024 — Cross Site Scripting vulnerability in Blood Bank v.1 allows a remote attacker to execute arbitrary code via a crafted script to the login.php component. • https://github.com/Prabhatsk7/CVE/blob/main/CVE-2024-48654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48655
https://notcve.org/view.php?id=CVE-2024-48655
25 Oct 2024 — An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file. • https://medium.com/%400x0d0x0a/cve-2024-48655-server-side-javascript-code-injection-in-total-js-cms-c5fc18359bdc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-48743
https://notcve.org/view.php?id=CVE-2024-48743
25 Oct 2024 — Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter. • https://gist.github.com/rvismit/538232c3f258e468195febb69f3f2d3b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-37847
https://notcve.org/view.php?id=CVE-2024-37847
25 Oct 2024 — An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file. • https://github.com/herombey/Disclosures/blob/main/CVE-2024-37847%20File%20Upload%20Path%20Traversal.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48204
https://notcve.org/view.php?id=CVE-2024-48204
25 Oct 2024 — SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script. • https://gist.github.com/NasYangh/161618e4552ca40ad1ac25b4d673bfcf • CWE-94: Improper Control of Generation of Code ('Code Injection') •