CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-45826 – ThinManager® Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-45826
CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45824 – FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation
https://notcve.org/view.php?id=CVE-2024-45824
The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-28991 – SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-28991
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28991 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2020-24061
https://notcve.org/view.php?id=CVE-2020-24061
Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script • https://github.com/0xadik/CVEs/tree/main/CVE-2020-24061 https://medium.com/%40sadikul.islam/kasda-kw5515-cross-site-scripting-html-injection-e6cb9f65ae89?sk=5e1ea8e1cba8dbeaff7f9cd710808354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 1CVE-2024-29847 – Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29847
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://github.com/horizon3ai/CVE-2024-29847 https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 • CWE-502: Deserialization of Untrusted Data •