CVE-2024-28986 – SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2024-28986
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. ... SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution. • https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-4389 – Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-4389
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/depicter/trunk/app/src/WordPress/FileUploaderService.php#L28 https://plugins.trac.wordpress.org/changeset/3108589/depicter/trunk/app/src/WordPress/FileUploaderService.php https://www.wordfence.com/threat-intel/vulnerabilities/id/81f025da-c28c-4a80-8b4f-27dae07b2b04?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-6079 – DLL Hijacking Vulnerability Exists in Rockwell Automation Emulate3D™
https://notcve.org/view.php?id=CVE-2024-6079
A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. ... If exploited, a malicious user could leverage a malicious dll and perform a remote code execution attack. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201683.html • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2024-38120 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38120
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38120 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-38195 – Azure CycleCloud Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38195
Azure CycleCloud Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38195 • CWE-284: Improper Access Control •