
CVSS: 6.2 • EPSS: 0% • CPEs: - • EXPL: 1

This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `rspamd_maps()` function. • https://github.com/Alchemist3dot14/CVE-2024-30270-PoC https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-4m8r-87gc-3vvp https://mailcow.email/posts/2024/release-2024-04 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time. There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks. • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.6 • EPSS: 0% • CPEs: - • EXPL: 0

Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch. • https://security.netapp.com/advisory/ntap-20240628-0004 https://support.broadcom.com/external/content/SecurityAdvisories/0/23215 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

This could result in arbitrary code execution within the context of the victim's browser. • https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 89% • CPEs: 40 • EXPL: 9

When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution. • https://github.com/Chocapikk/CVE-2024-3273 https://github.com/adhikara13/CVE-2024-3273 https://github.com/ThatNotEasy/CVE-2024-3273 https://github.com/K3ysTr0K3R/CVE-2024-3273-EXPLOIT https://github.com/mrrobot0o/CVE-2024-3273- https://github.com/yarienkiva/honeypot-dlink-CVE-2024-3273 https://github.com/OIivr/Turvan6rkus-CVE-2024-3273 https://github.com/X-Projetion/CVE-2024-3273-D-Link-Remote-Code-Execution-RCE https://github.com/netsecfish/dlink https://supportannouncement.us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •