CVE-2024-40318
https://notcve.org/view.php?id=CVE-2024-40318
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/3v1lC0d3/RCE-QloApps-CVE-2024-40318 https://github.com/3v1lC0d3/RCE-QloApps/blob/main/qloapps--RCE.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-41135 – Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface
https://notcve.org/view.php?id=CVE-2024-41135
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-41134 – Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface
https://notcve.org/view.php?id=CVE-2024-41134
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-41133 – Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface
https://notcve.org/view.php?id=CVE-2024-41133
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. • https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-41662 – VNote vulnerable to Markdown XSS, which leads to RCE
https://notcve.org/view.php?id=CVE-2024-41662
This vulnerability allows the injection and execution of arbitrary JavaScript code through which remote code execution can be achieved. • https://github.com/sh3bu/CVE-2024-41662 https://github.com/vnotex/vnote/commit/f1af78573a0ef51d6ef6a0bc4080cddc8f30a545 https://github.com/vnotex/vnote/security/advisories/GHSA-w655-h68w-vxxc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •