CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-45758
https://notcve.org/view.php?id=CVE-2024-45758
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload such as one that uses queryInterceptors. • https://spear-shield.notion.site/Unauthenticated-Remote-Code-Execution-via-Unrestricted-JDBC-Connection-87a958a4874044199cbb86422d1f6068 https://gist.github.com/AfterSnows/c24ca3c26dc89ab797e610e92a6a9acb • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7620 – Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import
https://notcve.org/view.php?id=CVE-2024-7620
This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3144365/customizer-export-import https://www.wordfence.com/threat-intel/vulnerabilities/id/7600e7df-725d-4877-b0bf-5329f814723f?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8463 – File upload restriction bypass vulnerability in Job Portal
https://notcve.org/view.php?id=CVE-2024-8463
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-job-portal • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45107 – ZDI-CAN-24186: Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-45107
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://helpx.adobe.com/security/products/acrobat/apsb24-57.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45063 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-45063
A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-416: Use After Free •