
CVE-2024-30923 – DerbyNet 9.0 print/render/racer.inc SQL Injection
https://notcve.org/view.php?id=CVE-2024-30923
05 Apr 2024 — SQL injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the WHERE clause used in racer document rendering. DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc. • https://packetstorm.news/files/id/177957 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-31266 – WordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-31266
05 Apr 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows code injection. This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4. • https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-4-4-remote-code-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-30270 – mailcow Path Traversal and Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30270
04 Apr 2024 — This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `rspamd_maps()` function. • https://github.com/Alchemist3dot14/CVE-2024-30270-PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
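The entry above describes the general pattern of a path traversal in a function that builds a file path from a caller-supplied name. The following is an added illustration of that pattern and of the check that closes it; it is not mailcow's code, does not reproduce rspamd_maps(), and the map directory /var/lib/rspamd/maps is a constructed example path, not a claim about mailcow's layout.

```python
import os

# Constructed example directory; any base directory that holds user-named files works the same way.
BASE = "/var/lib/rspamd/maps"


def resolve_vulnerable(base_dir, user_name):
    """The naive join: os.path.join trusts the caller.

    '../' components walk out of base_dir, and an absolute user_name makes
    os.path.join discard base_dir entirely. normpath only tidies the result,
    it does not confine it.
    """
    return os.path.normpath(os.path.join(base_dir, user_name))


def resolve_safe(base_dir, user_name):
    """Canonicalise both sides (symlinks included) and require containment.

    The target must be strictly inside base_dir: an empty name, '..' chains,
    absolute paths and symlinks that point outside are all rejected.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_name))
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes the map directory: {user_name!r}")
    return target


def is_inside(base_dir, user_name):
    """Boolean wrapper around resolve_safe for table-driven checks."""
    try:
        resolve_safe(base_dir, user_name)
        return True
    except ValueError:
        return False


def demo():
    """Constructed inputs: a legitimate name, a relative escape, an absolute path, an empty name."""
    cases = ["allowlist.map", "sub/../allowlist.map", "../../../../etc/passwd", "/etc/passwd", ""]
    return {name: (resolve_vulnerable(BASE, name), is_inside(BASE, name)) for name in cases}


if __name__ == "__main__":
    for name, (naive, allowed) in demo().items():
        print(f"{name!r:30} naive -> {naive:35} allowed by check: {allowed}")
```

The check is done on realpath output rather than on the raw string so that a symlink inside the directory pointing outside it is caught as well; a denylist of ".." substrings would miss that case, and would also miss an absolute path, which os.path.join silently honours.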

CVE-2024-25706 – HTMLi at createFolder Content Injection
https://notcve.org/view.php?id=CVE-2024-25706
04 Apr 2024 — This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time. There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks. • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-3454
https://notcve.org/view.php?id=CVE-2023-3454
04 Apr 2024 — Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch. • https://security.netapp.com/advisory/ntap-20240628-0004 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-20800 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-20800
04 Apr 2024 — This could result in arbitrary code execution within the context of the victim's browser. • https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-3273 – D-Link Multiple NAS Devices Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-3273
04 Apr 2024 — When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution. • https://github.com/Chocapikk/CVE-2024-3273 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-3272 – D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
https://notcve.org/view.php?id=CVE-2024-3272
04 Apr 2024 — D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. • https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE • CWE-798: Use of Hard-coded Credentials •

CVE-2024-30565
https://notcve.org/view.php?id=CVE-2024-30565
04 Apr 2024 — An issue was discovered in SeaCMS version 12.9 that allows remote attackers to execute arbitrary code via admin notify.php. • https://github.com/XiLitter/CMS_vulnerability-discovery/blob/main/SeaCMS_v.12.9.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-36645
https://notcve.org/view.php?id=CVE-2023-36645
04 Apr 2024 — SQL injection vulnerability in ITB-GmbH TradePro v9.5 allows remote attackers to run SQL queries via the oordershow component in the customer function. • https://github.com/caffeinated-labs/CVE-2023-36645 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
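Both the DerbyNet entry (CVE-2024-30923, injection through a WHERE clause) and the TradePro entry above (CVE-2023-36645) are classic SQL injection through a value concatenated into a query. The following is an added example of that pattern against a constructed in-memory SQLite schema; it is not code from DerbyNet or TradePro, the table and column names are invented for the demonstration, and the attack string is constructed to show data exfiltration through a UNION, not the specific payloads used against either product.

```python
import sqlite3

# Constructed attack string: closes the intended comparison and appends a second SELECT.
PAYLOAD = "10 UNION SELECT v FROM secrets"


def make_db():
    """Constructed demo schema; not the schema of DerbyNet or TradePro."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE racers (racerid INTEGER PRIMARY KEY, name TEXT, classid INTEGER);
        CREATE TABLE secrets (k TEXT, v TEXT);
        INSERT INTO racers VALUES (1, 'Alice', 10), (2, 'Bob', 20), (3, 'Carol', 10);
        INSERT INTO secrets VALUES ('admin_password', 'hunter2');
    """)
    return conn


def names_vulnerable(conn, classid):
    """String-built WHERE clause: whatever the caller passes is parsed as SQL.

    With PAYLOAD the query becomes
        SELECT name FROM racers WHERE classid = 10 UNION SELECT v FROM secrets
    and the secrets table leaks into the result set.
    """
    sql = f"SELECT name FROM racers WHERE classid = {classid}"
    return sorted(row[0] for row in conn.execute(sql))


def names_fixed(conn, classid):
    """Validate the type, then bind it: the value is data and is never parsed as SQL."""
    if not str(classid).isdigit():
        raise ValueError("classid must be a non-negative integer")
    rows = conn.execute("SELECT name FROM racers WHERE classid = ?", (int(classid),))
    return sorted(row[0] for row in rows)


def demo():
    """Run the legitimate value and the payload through both versions."""
    conn = make_db()
    out = {
        "vulnerable/legit": names_vulnerable(conn, "10"),
        "vulnerable/payload": names_vulnerable(conn, PAYLOAD),
        "fixed/legit": names_fixed(conn, "10"),
    }
    try:
        names_fixed(conn, PAYLOAD)
        out["fixed/payload"] = "accepted"
    except ValueError as exc:
        out["fixed/payload"] = f"rejected: {exc}"
    return out


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:20} {result}")
```

The fix is the parameter binding, not the isdigit() check: binding alone already makes the payload compare as a non-matching value, so the query returns no rows. The type check is there because rejecting a malformed identifier outright, rather than returning an empty result, is what a request log or WAF rule can act on.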