CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-27705
https://notcve.org/view.php?id=CVE-2024-27705
Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint. La vulnerabilidad de Cross Site Scripting en Leantime v3.0.6 permite a los atacantes ejecutar código arbitrario mediante la carga de un archivo PDF manipulado en el endpoint de archivos/exploración. • https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-27705 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-31013
https://notcve.org/view.php?id=CVE-2024-31013
Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, allow remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in footer_info parameter. Vulnerabilidad de Cross Site Scripting (XSS) en emlog versión Pro 2.3, permite a atacantes remotos ejecutar código arbitrario a través de un payload manipulado en la parte inferior de la página de inicio en el parámetro footer_info. • https://github.com/emlog/emlog/issues/291 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31011
https://notcve.org/view.php?id=CVE-2024-31011
Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. Vulnerabilidad de escritura arbitraria en archivos en beescms v.4.0, permite a un atacante remoto ejecutar código arbitrario a través de una ruta de archivo que no estaba aislada y el sufijo no estaba verificado en admin_template.php. • https://github.com/ss122-0ss/beescms/blob/main/readme.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30568
https://notcve.org/view.php?id=CVE-2024-30568
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. Se descubrió que Netgear R6850 1.1.0.88 contiene una vulnerabilidad de inyección de comandos a través del parámetro c4-IPAddr. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Netgear-R6850%20V1.1.0.88%20Command%20Injection%28ping_test%29.md https://www.netgear.com/about/security • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 3CVE-2024-2389 – Flowmon Unauthenticated Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-2389
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands. En las versiones de Flowmon anteriores a la 11.1.14 y 12.3.5, se identificó una vulnerabilidad de inyección de comandos del sistema operativo. Un usuario no autenticado puede acceder al sistema a través de la interfaz de administración de Flowmon, lo que permite la ejecución de comandos arbitrarios del sistema. • https://github.com/Surko888/Surko-Exploit-Jenkins-CVE-2024-23897 https://github.com/Abo5/CVE-2024-23897 https://github.com/adhikara13/CVE-2024-2389 https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability https://www.flowmon.com https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •