CVE-2024-22444
https://notcve.org/view.php?id=CVE-2024-22444
A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-41914
https://notcve.org/view.php?id=CVE-2024-41914
A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-6327 – Progress Telerik Report Server Deserialization
https://notcve.org/view.php?id=CVE-2024-6327
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. • https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327 https://www.telerik.com/report-server • CWE-502: Deserialization of Untrusted Data •
CVE-2024-40137
https://notcve.org/view.php?id=CVE-2024-40137
Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function. • https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-40137 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2024-40495
https://notcve.org/view.php?id=CVE-2024-40495
A vulnerability discovered in Linksys Router E2500 with firmware 2.0.00 allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. • http://e2500.com http://linksys.com https://github.com/iotaMing/IOT-CVE/blob/master/Linksys/CVE-2024-40495/CVE-2024-40495.pdf •