CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37869
https://notcve.org/view.php?id=CVE-2024-37869
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable • https://gist.github.com/TERRENCE-REX/7e5dfdd3583bf9fd81196f557a8b8879 https://github.com/TERRENCE-REX/CVE/issues/2 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37868
https://notcve.org/view.php?id=CVE-2024-37868
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable. • https://gist.github.com/TERRENCE-REX/bfca92171143e28899bb8511f311f9ed https://github.com/TERRENCE-REX/CVE/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-46486
https://notcve.org/view.php?id=CVE-2024-46486
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. • https://github.com/fishykz/TP-POC https://yuhehe88.github.io/2024/09/04/TL-WDR5620-Gigabit-Edition-v2-3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41988 – Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter
https://notcve.org/view.php?id=CVE-2024-41988
This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47561 – Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)
https://notcve.org/view.php?id=CVE-2024-47561
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue. ... This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute. • https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x https://access.redhat.com/security/cve/CVE-2024-47561 https://bugzilla.redhat.com/show_bug.cgi?id=2316116 • CWE-502: Deserialization of Untrusted Data •