CVE-2024-6782 – Calibre Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-6782
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. • https://github.com/Uno13x/CVE-2024-6782-PoC https://github.com/zangjiahe/CVE-2024-6782 https://github.com/jdpsl/CVE-2024-6782 https://github.com/R4idB0Y/CVE-2024-6782-PoC https://github.com/kovidgoyal/calibre/commit/38a1bf50d8cd22052ae59c513816706c6445d5e9 https://starlabs.sg/advisories/24/24-6782 • CWE-863: Incorrect Authorization •
CVE-2024-41226
https://notcve.org/view.php?id=CVE-2024-41226
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. • https://medium.com/%40aksalsalimi/cve-2024-41226-response-manipulation-led-to-csv-injection-9ae3182dcc02 https://www.automationanywhere.com/products/automation-360 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2024-7565 – SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7565
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. ... An attacker can leverage this vulnerability to execute code in the context of the current user. •
CVE-2024-28740
https://notcve.org/view.php?id=CVE-2024-28740
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. • https://febin0x4e4a.wordpress.com/2023/01/11/xss-vulnerability-in-koha-integrated-library-system https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-39227
https://notcve.org/view.php?id=CVE-2024-39227
This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data. • http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •