CVE-2024-42681
https://notcve.org/view.php?id=CVE-2024-42681
Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. • https://github.com/xuxueli/xxl-job/issues/3516 • CWE-277: Insecure Inherited Permissions •
CVE-2024-22218
https://notcve.org/view.php?id=CVE-2024-22218
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks. • https://docs.terminalfour.com/articles/release-notes-highlights https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22218--cve-2024-22219 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-42676
https://notcve.org/view.php?id=CVE-2024-42676
File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. • https://github.com/WarmBrew/web_vul/blob/main/HZ-cve/HZupload.md https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-42676.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-42678
https://notcve.org/view.php?id=CVE-2024-42678
Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component. • https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYxss.md https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-42678.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-43368 – Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste
https://notcve.org/view.php?id=CVE-2024-43368
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. ... An attacker could trick a user into copying and pasting malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. • https://github.com/basecamp/trix/commit/7656f578af0d03141a72a9d27cb3692e6947dae6 https://github.com/basecamp/trix/pull/1149 https://github.com/basecamp/trix/pull/1156 https://github.com/basecamp/trix/releases/tag/v2.1.4 https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99 https://github.com/basecamp/trix/security/advisories/GHSA-qm2q-9f3q-2vcv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •