
CVSS: 8.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Oct 2024 — An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. • https://cert.vde.com/en/advisories/VDE-2024-056 • CWE-20: Improper Input Validation • CWE-116: Improper Encoding or Escaping of Output

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

15 Oct 2024 — This allows crafting malicious "signed" .patch files in order to compromise the device and execute arbitrary code. • https://r.sec-consult.com/rittaliot • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2024 — Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. • https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Oct 2024 — An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown. • https://github.com/quantizor/markdown-to-jsx/commit/8eb74da825c0d8d2e9508d73c672bcae36ba555a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://github.com/PostHog/posthog/pull/25388 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2024 — This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request. • https://github.com/m14r41/Writeups/blob/main/CVE/phpGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/HTML%20Injection%20-%20Search.md • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2024 — A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands via the fromdate parameter in a POST HTTP request. • https://github.com/m14r41/Writeups/blob/main/CVE/phpGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/SQL%20Injection%20-%20Bw%20Date%20Report%20%28%20fromdate%29.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2024 — A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request. • https://github.com/m14r41/Writeups/blob/main/CVE/phpGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/SQL%20Injection%20-%20Forget%20Password.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2024 — An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory. • https://gist.github.com/zty-1995/3fcdf702017ad6721e5011f74c1f6cee

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2024 — An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file /opt/EdrawProj-2/plugins/imageformat. • https://gist.github.com/zty-1995/a7948be24b3411759a6afa3cc616dc12 • CWE-434: Unrestricted Upload of File with Dangerous Type