CVE-2024-28991 – SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-28991
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. • https://github.com/maybeheisenberg/PoC-for-CVE-2024-28991 https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28991 • CWE-502: Deserialization of Untrusted Data
CVE-2020-24061
https://notcve.org/view.php?id=CVE-2020-24061
Cross-Site Scripting (XSS) vulnerability in the Firewall menu of the Control Panel in KASDA KW5515 version 4.3.1.0 allows attackers to execute arbitrary code and steal cookies via a crafted script. • https://github.com/0xadik/CVEs/tree/main/CVE-2020-24061 https://medium.com/%40sadikul.islam/kasda-kw5515-cross-site-scripting-html-injection-e6cb9f65ae89?sk=5e1ea8e1cba8dbeaff7f9cd710808354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29847 – Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29847
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6 or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. • https://github.com/horizon3ai/CVE-2024-29847 https://github.com/sinsinology/CVE-2024-29847 https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 • CWE-502: Deserialization of Untrusted Data
CVE-2024-27114 – Remote Code Execution through File Upload in SOPlanning before 1.52.02
https://notcve.org/view.php?id=CVE-2024-27114
An unauthenticated Remote Code Execution (RCE) vulnerability was found in the SO Planning online planning tool. • https://csirt.divd.nl/CVE-2024-27114 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-27115 – Remote Code Execution through File Upload in SOPlanning before 1.52.02
https://notcve.org/view.php?id=CVE-2024-27115
An unauthenticated Remote Code Execution (RCE) vulnerability was found in the SO Planning online planning tool. • https://csirt.divd.nl/CVE-2024-27115 • CWE-434: Unrestricted Upload of File with Dangerous Type