CVE-2024-6596 – Endress+Hauser: Multiple products are vulnerable to code injection
https://notcve.org/view.php?id=CVE-2024-6596
10 Sep 2024 — An unauthenticated remote attacker can run malicious C# code included in curve files and execute commands in the user's context. • https://cert.vde.com/en/advisories/VDE-2024-041 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-44871
https://notcve.org/view.php?id=CVE-2024-44871
10 Sep 2024 — An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/moziloDasEinsteigerCMS/mozilo3.0 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-38018 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38018
10 Sep 2024 — Microsoft SharePoint Server Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38018 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-7626 – WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) <= 1.6.9 - Improper Path Validation to Authenticated (Subscriber+) Arbitrary File Move and Read
https://notcve.org/view.php?id=CVE-2024-7626
10 Sep 2024 — This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). • https://www.wordfence.com/threat-intel/vulnerabilities/id/3c98bb53-9f7e-4ab3-9676-e3dbfb4a0519?source=cve • CWE-73: External Control of File Name or Path •
CVE-2024-44676
https://notcve.org/view.php?id=CVE-2024-44676
10 Sep 2024 — eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController.java. • https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-44872
https://notcve.org/view.php?id=CVE-2024-44872
10 Sep 2024 — A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. • https://github.com/moziloDasEinsteigerCMS/mozilo3.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-34831 – GibbonEdu Core 26.0.00 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-34831
10 Sep 2024 — A cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. • https://packetstorm.news/files/id/181591 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-44677
https://notcve.org/view.php?id=CVE-2024-44677
10 Sep 2024 — eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. • https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-43461 – Microsoft Windows MSHTML Platform Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-43461
10 Sep 2024 — Windows MSHTML Platform Spoofing Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVE-2024-39378 – Audition | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-39378
10 Sep 2024 — Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/audition/apsb24-54.html • CWE-787: Out-of-bounds Write •