CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44414
https://notcve.org/view.php?id=CVE-2024-44414
A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This issue affects the sub_4901E0 function in the msp_info.htm file. Manipulation of the path parameter can lead to command injection. • https://github.com/IotChan/cve/blob/main/wayos/FBM_292W/CVE-2024-44414 https://github.com/IotChan/cve/blob/main/wayos/FBM_292W/wayos%20FBM_292W.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-48987
https://notcve.org/view.php?id=CVE-2024-48987
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. • https://github.com/snipe/snipe-it/releases/tag/v7.0.10 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-46532
https://notcve.org/view.php?id=CVE-2024-46532
SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. • https://github.com/KamenRiderDarker/CVE-2024-46532 http://openhis.com https://github.com/1638824607/OpenHIS?tab=readme-ov-file https://github.com/KamenRiderDarker/CVE-2024-46532/tree/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48827
https://notcve.org/view.php?id=CVE-2024-48827
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. • https://github.com/sbondCo/Watcharr https://github.com/sbondCo/Watcharr/releases/tag/v1.43.0 https://github.com/yamerooo123/CVE/blob/main/CVE-2024-48827/Description.md • CWE-613: Insufficient Session Expiration •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47966 – Use of Uninitialized Variable vulnerability in Delta Electronics CNCSoft-G2
https://notcve.org/view.php?id=CVE-2024-47966
An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21 • CWE-457: Use of Uninitialized Variable •