CVSS: 9.8EPSS: 89%CPEs: 40EXPL: 9CVE-2024-3273 – D-Link Multiple NAS Devices Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-3273
When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution. • https://github.com/Chocapikk/CVE-2024-3273 https://github.com/adhikara13/CVE-2024-3273 https://github.com/ThatNotEasy/CVE-2024-3273 https://github.com/K3ysTr0K3R/CVE-2024-3273-EXPLOIT https://github.com/mrrobot0o/CVE-2024-3273- https://github.com/yarienkiva/honeypot-dlink-CVE-2024-3273 https://github.com/OIivr/Turvan6rkus-CVE-2024-3273 https://github.com/X-Projetion/CVE-2024-3273-D-Link-Remote-Code-Execution-RCE https://github.com/netsecfish/dlink https://supportannouncement.us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 5%CPEs: 40EXPL: 2CVE-2024-3272 – D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
https://notcve.org/view.php?id=CVE-2024-3272
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. • https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE https://github.com/netsecfish/dlink https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 https://vuldb.com/?ctiid.259283 https://vuldb.com/?id.259283 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30565
https://notcve.org/view.php?id=CVE-2024-30565
An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php. Se descubrió un problema en SeaCMS versión 12.9, que permite a atacantes remotos ejecutar código arbitrario a través de admin notify.php. • https://github.com/XiLitter/CMS_vulnerability-discovery/blob/main/SeaCMS_v.12.9.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 1CVE-2023-36645
https://notcve.org/view.php?id=CVE-2023-36645
SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function. Vulnerabilidad de inyección SQL en ITB-GmbH TradePro v9.5, permite a atacantes remotos ejecutar consultas SQL a través del componente oordershow en la función de cliente. • https://github.com/caffeinated-labs/CVE-2023-36645 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-31380 – WordPress Oxygen plugin <= 4.9 - Authenticated Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-31380
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.3. ... Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. • https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-plugin-4-8-1-auth-remote-code-execution-rce-vulnerability?_s_id=cve https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •