CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6327 – Progress Telerik Report Server Deserialization
https://notcve.org/view.php?id=CVE-2024-6327
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. • https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327 https://www.telerik.com/report-server • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-40137
https://notcve.org/view.php?id=CVE-2024-40137
Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function. • https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-40137 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-40495
https://notcve.org/view.php?id=CVE-2024-40495
A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. • http://e2500.com http://linksys.com https://github.com/iotaMing/IOT-CVE/blob/master/Linksys/CVE-2024-40495/CVE-2024-40495.pdf •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6756 – Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6756
This makes it possible for authenticated attackers, with Contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169 https://www.wordfence.com/threat-intel/vulnerabilities/id/24e00c0d-08ff-4c68-a1dd-77b513545efd?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6806 – Missing Authorization Checks In NI VeriStand Gateway For Project Resources
https://notcve.org/view.php?id=CVE-2024-6806
These missing checks may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html • CWE-862: Missing Authorization •