CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-23469 – SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23469
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm • CWE-20: Improper Input Validation •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31411 – Apache StreamPipes: Potential remote code execution (RCE) via file upload
https://notcve.org/view.php?id=CVE-2024-31411
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. • https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39877 – Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
https://notcve.org/view.php?id=CVE-2024-39877
Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. • https://github.com/apache/airflow/pull/40522 https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-277: Insecure Inherited Permissions •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2023-43971
https://notcve.org/view.php?id=CVE-2023-43971
Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary code via the encode parameter in Index.php. • https://gist.github.com/N0boy-0/7251856fed517eb6358d8cae03099b7b https://github.com/lizhipay/acg-faka/issues/72 •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-40492
https://notcve.org/view.php?id=CVE-2024-40492
Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function. • https://github.com/minendie/POC_CVE-2024-40492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •