
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute arbitrary code via the webtool\application.py component. • https://www.yuque.com/iceqaq/rtn9q7/cdd9w9phgxuqy4to • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. • https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue. • http://www.openwall.com/lists/oss-security/2024/07/12/2 https://lists.apache.org/thread/w613qh7yors840pbx00l1pq6wkl9jzkc • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution. • https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0 • CWE-29: Path Traversal: '\..\filename'

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution. • https://stonefly.com/security-advisories/cve-2024-30213 https://www.stonefly.com/services • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')