CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8531 – Schneider Electric EcoStruxure Data Center Expert Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8531
The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Data Center Expert. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-21534 – jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization
https://notcve.org/view.php?id=CVE-2024-21534
All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. ... This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. • https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8185019 https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0 https://github.com/JSONPath-Plus/JSONPath/issues/226 https://access.redhat.com/security/cve/CVE-2024-21534 https://bugzilla.redhat.com/show_bug.cgi?id=2317968 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46088
https://notcve.org/view.php?id=CVE-2024-46088
An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file. • http://zhejiang.com https://periwinkle-brother-031.notion.site/Analysis-of-any-file-upload-vulnerability-of-Zhejiang-University-Entersoft-Customer-Resource-Managem-0f88a0e77d6f4f638bc3c4e508a1e0ed https://www.entersoft.cn • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-44731
https://notcve.org/view.php?id=CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections. • https://aware7.com/de/blog/schwachstellen-in-videokonferenzsystemen https://github.com/miroslavpejic85 https://github.com/miroslavpejic85/mirotalk https://github.com/miroslavpejic85/mirotalksfu/blob/main/SECURITY.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45316 – SonicWALL Connect Tunnel Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-45316
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •