CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40516
https://notcve.org/view.php?id=CVE-2024-40516
., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality. • https://gist.github.com/as-lky/2acc62c6283c7a1fe3af046b05091d15 • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40425
https://notcve.org/view.php?id=CVE-2024-40425
File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component. • https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39915 – Authenticated remote code execution in Thruk
https://notcve.org/view.php?id=CVE-2024-39915
This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. ... Este RCE autenticado en Thruk permite a los usuarios autorizados con acceso a la red inyectar comandos arbitrarios a través del parámetro URL durante la generación de informes PDF. • https://github.com/sni/Thruk/commit/7e7eb251e76718a07639c4781f0d959d817f173b https://github.com/sni/Thruk/security/advisories/GHSA-r7gx-h738-4w6f • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46801 – Apache Linkis DataSource: DataSource Remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-46801
In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. • https://lists.apache.org/thread/0dnzh64xy1n7qo3rgo2loz9zn7m9xgdx • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-6345 – Remote Code Execution in pypa/setuptools
https://notcve.org/view.php?id=CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. ... Affected versions of this package allow remote code execution via its download functions. • https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 • CWE-94: Improper Control of Generation of Code ('Code Injection') •