CVE-2024-7104 – Remote Code Execution in SFS Consulting's ww.Winsure
https://notcve.org/view.php?id=CVE-2024-7104
16 Sep 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2. • https://www.usom.gov.tr/bildirim/tr-24-1475 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-22399 – Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
https://notcve.org/view.php?id=CVE-2024-22399
16 Sep 2024 — Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue. • https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-39613 – RCE in desktop app in Windows by local attacker
https://notcve.org/view.php?id=CVE-2024-39613
16 Sep 2024 — Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching for the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. • https://mattermost.com/security-updates • CWE-427: Uncontrolled Search Path Element •
CVE-2024-45695 – D-Link WiFi router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-45695
16 Sep 2024 — The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html • CWE-121: Stack-based Buffer Overflow •
CVE-2024-45694 – D-Link WiFi router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-45694
16 Sep 2024 — The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html • CWE-121: Stack-based Buffer Overflow •
CVE-2024-45413
https://notcve.org/view.php?id=CVE-2024-45413
16 Sep 2024 — An authenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •
CVE-2024-45416
https://notcve.org/view.php?id=CVE-2024-45416
16 Sep 2024 — An attacker who is able to write a malicious file in the sessions directory can get RCE as root. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2024-45415
https://notcve.org/view.php?id=CVE-2024-45415
16 Sep 2024 — An unauthenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •
CVE-2024-44048 – WordPress Product Carousel Slider & Grid Ultimate for WooCommerce plugin <= 1.9.10 - Authenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44048
16 Sep 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/woo-product-carousel-slider-and-grid-ultimate/wordpress-product-carousel-slider-grid-ultimate-for-woocommerce-plugin-1-9-10-authenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-44623
https://notcve.org/view.php?id=CVE-2024-44623
16 Sep 2024 — An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. • https://github.com/merbinr/CVE-2024-44623 • CWE-94: Improper Control of Generation of Code ('Code Injection') •