CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42757
https://notcve.org/view.php?id=CVE-2024-42757
Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. • https://github.com/Nop3z/CVE/blob/main/Asus/FW_RT_N15U_30043763754/FW_RT_N15U_30043763754%20RCE.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42679
https://notcve.org/view.php?id=CVE-2024-42679
SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component. • https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYsqli.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42681
https://notcve.org/view.php?id=CVE-2024-42681
Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. • https://github.com/xuxueli/xxl-job/issues/3516 • CWE-277: Insecure Inherited Permissions •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-22218
https://notcve.org/view.php?id=CVE-2024-22218
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks. • https://docs.terminalfour.com/articles/release-notes-highlights https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22218--cve-2024-22219 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39391 – Adobe Indesign XLS File Parsing Out Of Bound Write Remote Code execution vulnerability
https://notcve.org/view.php?id=CVE-2024-39391
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb24-56.html • CWE-787: Out-of-bounds Write •