CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-7037 – Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7037
This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution. • https://huntr.com/bounties/8508db68-9c99-4b1c-828c-e1bfcacfb847 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8015 – Telerik Report Server Insecure Type Resolution
https://notcve.org/view.php?id=CVE-2024-8015
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. • https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47422 – Adobe Framemaker | Untrusted Search Path (CWE-426)
https://notcve.org/view.php?id=CVE-2024-47422
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. ... This could allow the attacker to execute arbitrary code in the context of the current user. • https://helpx.adobe.com/security/products/framemaker/apsb24-82.html • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45142 – Substance3D - Stager | Write-what-where Condition (CWE-123)
https://notcve.org/view.php?id=CVE-2024-45142
Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html • CWE-123: Write-what-where Condition •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-9680 – Mozilla Firefox Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-9680
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. ... An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. ... A remote code execution vulnerability was found in Firefox and Thunderbird. The Mozilla Foundation Security Advisories state: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. • https://github.com/tdonaworth/Firefox-CVE-2024-9680 https://bugzilla.mozilla.org/show_bug.cgi?id=1923344 https://www.mozilla.org/security/advisories/mfsa2024-51 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 https://www.mozilla.org/security/advisories/mfsa2024-52 https://access.redhat.com/security/cve/CVE-2024-9680 https://bugzilla.redhat.com/show_bug.cgi?id=2317442 • CWE-416: Use After Free •