CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40400
https://notcve.org/view.php?id=CVE-2024-40400
An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file. • https://github.com/marcantondahmen/automad/issues/106 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39962
https://notcve.org/view.php?id=CVE-2024-39962
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. ... Se descubrió que D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 contiene una vulnerabilidad de ejecución remota de código (RCE) en el parámetro ntp_zone_val en /goform/set_ntp. • https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-41599
https://notcve.org/view.php?id=CVE-2024-41599
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method Vulnerabilidad de Cross Site Scripting en RuoYi v.4.7.9 y anteriores permite a un atacante remoto ejecutar código arbitrario a través del método de carga de archivos • https://github.com/topsky979/Security-Collections/tree/main/CVE-2024-41599 •
CVSS: 4.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-41597
https://notcve.org/view.php?id=CVE-2024-41597
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. • https://gist.github.com/DefensiumDevelopers/608be4d10b016dce0566925368a8b08c#file-cve-2024-41597-md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-39963
https://notcve.org/view.php?id=CVE-2024-39963
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg. Se descubrió que el enrutador AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 y AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 contenían una vulnerabilidad de ejecución remota de comandos (RCE) autenticada a través de el parámetro macFilterType en /goform/setMacFilterCfg. • https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •