
CVE-2024-34109 – Adobe Commerce | Improper Input Validation (CWE-20)
https://notcve.org/view.php?id=CVE-2024-34109
13 Jun 2024 — Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-20: Improper Input Validation •

CVE-2024-34110 – RCE in the Adobe Commerce Webhook module through a legit webhook definition
https://notcve.org/view.php?id=CVE-2024-34110
13 Jun 2024 — Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-34111 – SSRF in service connector
https://notcve.org/view.php?id=CVE-2024-34111
13 Jun 2024 — Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-34102 – Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
https://notcve.org/view.php?id=CVE-2024-34102
13 Jun 2024 — Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. • https://packetstorm.news/files/id/179640 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2024-34108 – Large attack surface through legit webhook usage in Adobe Commerce
https://notcve.org/view.php?id=CVE-2024-34108
13 Jun 2024 — Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. ... Exploitation of this issue does not require user interaction, but admin privileges are required. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-20: Improper Input Validation •

CVE-2024-37849
https://notcve.org/view.php?id=CVE-2024-37849
13 Jun 2024 — A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. • https://github.com/ganzhi-qcy/cve/issues/3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-28964
https://notcve.org/view.php?id=CVE-2024-28964
12 Jun 2024 — A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. • https://www.dell.com/support/kbdoc/en-us/000224987/dsa-2024-179-security-update-for-dell-emc-common-event-enabler-windows-for-cavatools-vulnerabilities • CWE-502: Deserialization of Untrusted Data •

CVE-2024-1577 – Remote Code Execution in MegaBIP
https://notcve.org/view.php?id=CVE-2024-1577
12 Jun 2024 — A Remote Code Execution vulnerability in MegaBIP software allows an attacker to execute arbitrary code on the server without authentication by saving attacker-crafted PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2. • https://cert.pl/en/posts/2024/06/CVE-2024-1576 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-5847 – Debian Security Advisory 5710-1
https://notcve.org/view.php?id=CVE-2024-5847
11 Jun 2024 — (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2024-5846 – Debian Security Advisory 5710-1
https://notcve.org/view.php?id=CVE-2024-5846
11 Jun 2024 — (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html • CWE-416: Use After Free •