CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2024-6782 – Calibre Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-6782
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. • https://github.com/Uno13x/CVE-2024-6782-PoC https://github.com/zangjiahe/CVE-2024-6782 https://github.com/jdpsl/CVE-2024-6782 https://github.com/R4idB0Y/CVE-2024-6782-PoC https://github.com/kovidgoyal/calibre/commit/38a1bf50d8cd22052ae59c513816706c6445d5e9 https://starlabs.sg/advisories/24/24-6782 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41226
https://notcve.org/view.php?id=CVE-2024-41226
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. • https://medium.com/%40aksalsalimi/cve-2024-41226-response-manipulation-led-to-csv-injection-9ae3182dcc02 https://www.automationanywhere.com/products/automation-360 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7565 – SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7565
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-28740
https://notcve.org/view.php?id=CVE-2024-28740
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. • https://febin0x4e4a.wordpress.com/2023/01/11/xss-vulnerability-in-koha-integrated-library-system https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39227
https://notcve.org/view.php?id=CVE-2024-39227
This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data. • http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •