CVE-2024-40495
https://notcve.org/view.php?id=CVE-2024-40495
A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. • http://e2500.com http://linksys.com https://github.com/iotaMing/IOT-CVE/blob/master/Linksys/CVE-2024-40495/CVE-2024-40495.pdf •
CVE-2024-6756 – Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6756
This makes it possible for authenticated attackers, with Contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169 https://www.wordfence.com/threat-intel/vulnerabilities/id/24e00c0d-08ff-4c68-a1dd-77b513545efd?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-6806 – Missing Authorization Checks In NI VeriStand Gateway For Project Resources
https://notcve.org/view.php?id=CVE-2024-6806
These missing checks may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html • CWE-862: Missing Authorization •
CVE-2024-6805 – Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources
https://notcve.org/view.php?id=CVE-2024-6805
These missing checks may result in information disclosure or remote code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html • CWE-862: Missing Authorization •
CVE-2024-6794 – Deserialization of Untrusted Data in NI VeriStand Waveform Streaming Server
https://notcve.org/view.php?id=CVE-2024-6794
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html • CWE-502: Deserialization of Untrusted Data •