CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52778
https://notcve.org/view.php?id=CVE-2024-52778
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48406
https://notcve.org/view.php?id=CVE-2024-48406
29 Nov 2024 — Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c. • https://github.com/SunBK201/umicat/issues/2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52781
https://notcve.org/view.php?id=CVE-2024-52781
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52780
https://notcve.org/view.php?id=CVE-2024-52780
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36622
https://notcve.org/view.php?id=CVE-2024-36622
29 Nov 2024 — In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter. • https://gist.github.com/1047524396/ab997b902ec892e592a0df93f38e6941 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52777
https://notcve.org/view.php?id=CVE-2024-52777
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-35451
https://notcve.org/view.php?id=CVE-2024-35451
29 Nov 2024 — LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. • https://datafarm.co.th/blog/CVE-2024-35451:-From-%28Authenticated%29-SSRF-to-Remote-Code-Execution • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52779
https://notcve.org/view.php?id=CVE-2024-52779
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52782
https://notcve.org/view.php?id=CVE-2024-52782
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11971 – Guizhou Xiaoma Technology jpress Avatar upload cross site scripting
https://notcve.org/view.php?id=CVE-2024-11971
28 Nov 2024 — A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the argument files leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dycccccccc/jpress/blob/main/JPRESS%20file%20upload%20leads%20to%20code%20execution.docx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •