CVE-2024-34111 – SSRF in service connector
https://notcve.org/view.php?id=CVE-2024-34111
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-34102 – Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
https://notcve.org/view.php?id=CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. • https://github.com/bigb0x/CVE-2024-34102 https://github.com/11whoami99/CVE-2024-34102 https://github.com/unknownzerobit/poc https://github.com/d0rb/CVE-2024-34102 https://github.com/bughuntar/CVE-2024-34102 https://github.com/bughuntar/CVE-2024-34102-Python https://github.com/Chocapikk/CVE-2024-34102 https://github.com/th3gokul/CVE-2024-34102 https://github.com/0x0d3ad/CVE-2024-34102 https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-34108 – Large attack surface through legit webhook usage in Adobe Commerce
https://notcve.org/view.php?id=CVE-2024-34108
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. ... Exploitation of this issue does not require user interaction, but administrator privileges are required. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-20: Improper Input Validation •
CVE-2024-37849
https://notcve.org/view.php?id=CVE-2024-37849
A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. • https://github.com/ganzhi-qcy/cve/issues/3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-28964
https://notcve.org/view.php?id=CVE-2024-28964
A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. • https://www.dell.com/support/kbdoc/en-us/000224987/dsa-2024-179-security-update-for-dell-emc-common-event-enabler-windows-for-cavatools-vulnerabilities • CWE-502: Deserialization of Untrusted Data •