CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6361 – Improper Neutralization vulnerability (XSS) has been discovered in OpenTextâ„¢ ALM Octane product.
https://notcve.org/view.php?id=CVE-2024-6361
The vulnerability could cause remote code execution attack. • https://portal.microfocus.com/s/article/KM000032605?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 93%CPEs: 1EXPL: 6CVE-2024-38856 – Apache OFBiz Incorrect Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2024-38856
Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker. • https://github.com/codeb0ss/CVE-2024-38856-PoC https://github.com/Praison001/CVE-2024-38856-ApacheOfBiz https://github.com/0x20c/CVE-2024-38856-EXP https://github.com/ThatNotEasy/CVE-2024-38856 https://github.com/BBD-YZZ/CVE-2024-38856-RCE https://github.com/emanueldosreis/CVE-2024-38856 https://issues.apache.org/jira/browse/OFBIZ-13128 https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-40498
https://notcve.org/view.php?id=CVE-2024-40498
SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v.1.0 allows an attacker to execute arbitrary code via the register.php • https://github.com/Dirac231/CVE-2024-40498 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7484 – CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7484
This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/crm-perks-forms/trunk/includes/front-form.php?rev=3003885#L3271 https://plugins.trac.wordpress.org/changeset/3016768/crm-perks-forms https://www.wordfence.com/threat-intel/vulnerabilities/id/02c6ec97-50cc-4c61-9bb7-b94250d5dda3?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7547 – oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7547
This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. ... This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. • https://www.zerodayinitiative.com/advisories/ZDI-24-1087 • CWE-121: Stack-based Buffer Overflow •