CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28698
https://notcve.org/view.php?id=CVE-2024-28698
Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. • https://github.com/MarimerLLC/csla/pull/3552 https://www.intruder.io/research/path-traversal-and-code-execution-in-csla-net-cve-2024-28698 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-6960 – H2O deserializes ML models without filtering, potentially allowing execution of malicious code
https://notcve.org/view.php?id=CVE-2024-6960
An attacker can construct a crafted Iced model that uses Java gadgets and leads to arbitrary code execution when imported to the H2O platform. • https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518 • CWE-502: Deserialization of Untrusted Data •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-40347
https://notcve.org/view.php?id=CVE-2024-40347
A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid. • https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39906 – Remote code execution in Haven IndieAuthClient (GHSL-2024-093)
https://notcve.org/view.php?id=CVE-2024-39906
This issue may lead to Remote Code Execution (RCE) and has been addressed by commit `c52f07c`. ... Este problema puede provocar la ejecución remota de código (RCE) y se solucionó mediante la confirmación `c52f07c`. • https://github.com/havenweb/haven/commit/c52f07c https://github.com/havenweb/haven/security/advisories/GHSA-65cm-7g24-hm9f • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40724
https://notcve.org/view.php?id=CVE-2024-40724
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product. • https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97 https://github.com/assimp/assimp/releases/tag/v5.4.2 https://jvn.jp/en/jp/JVN87710540 •