CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-44335
https://notcve.org/view.php?id=CVE-2024-44335
09 Sep 2024 — D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp. • https://gist.github.com/Swind1er/029fb2a9dab916f926fab40cc059223f • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7770 – Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7770
09 Sep 2024 — The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted upload permissions by an administrator, to upload arbitrary files on the affected site's server which may make remote code exec... • https://www.wordfence.com/threat-intel/vulnerabilities/id/9cae7702-e531-45b9-9131-42edbc073a07?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42024
https://notcve.org/view.php?id=CVE-2024-42024
07 Sep 2024 — A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. • https://www.veeam.com/kb4649 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 4CVE-2024-40711 – Veeam Backup and Replication Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-40711
07 Sep 2024 — A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution. • https://packetstorm.news/files/id/181539 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39715
https://notcve.org/view.php?id=CVE-2024-39715
07 Sep 2024 — A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38651
https://notcve.org/view.php?id=CVE-2024-38651
07 Sep 2024 — A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39714
https://notcve.org/view.php?id=CVE-2024-39714
07 Sep 2024 — A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40710
https://notcve.org/view.php?id=CVE-2024-40710
07 Sep 2024 — A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). • https://www.veeam.com/kb4649 • CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 80%CPEs: 3EXPL: 4CVE-2024-8517 – SPIP Bigup Multipart File Upload OS Command Injection
https://notcve.org/view.php?id=CVE-2024-8517
06 Sep 2024 — A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. • https://vulncheck.com/advisories/spip-upload-rce • CWE-646: Reliance on File Name or Extension of Externally-Supplied File •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7620 – Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import
https://notcve.org/view.php?id=CVE-2024-7620
06 Sep 2024 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3144365/customizer-export-import • CWE-434: Unrestricted Upload of File with Dangerous Type •