
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

An unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code by uploading a crafted PHP file. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Unrestricted%20File%20Upload.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Attackers with a valid username and password can exploit a Python code injection vulnerability during the natural login flow. • https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVSS: 4.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-V2bm9JCY • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4 • EPSS: 0% • CPEs: - • EXPL: 0

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-V2bm9JCY • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 3

The ClassLoaderProxy#fetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller's file system due to insufficient path restrictions, which could lead to Privilege Escalation and Remote Code Execution (RCE). • https://github.com/v9d0g/CVE-2024-43044-POC https://github.com/HwMex0/CVE-2024-43044 https://github.com/convisolabs/CVE-2024-43044-jenkins https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430 https://access.redhat.com/security/cve/CVE-2024-43044 https://bugzilla.redhat.com/show_bug.cgi?id=2303466 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')