CVE-2024-42852
https://notcve.org/view.php?id=CVE-2024-42852
23 Aug 2024 — Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component. • https://github.com/Hebing123/cve/issues/64 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-42845 – Invesalius 3.1 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-42845
23 Aug 2024 — An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file. • https://packetstorm.news/files/id/180378 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-38210 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38210
22 Aug 2024 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38210 • CWE-125: Out-of-bounds Read •
CVE-2024-38209 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38209
22 Aug 2024 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38209 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-7258 – WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-7258
22 Aug 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/wp-product-feed-manager/trunk/includes/data/js/wppfm_ajaxdatahandling.js#L537 • CWE-862: Missing Authorization •
CVE-2024-7559 – File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7559
22 Aug 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://filemanagerpro.io/file-manager-pro • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-7988 – ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-7988
22 Aug 2024 — A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://github.com/hatvix1/CVE-2024-7988-Private-POC • CWE-20: Improper Input Validation •
CVE-2024-30377 – G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-30377
22 Aug 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1159 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-42771
https://notcve.org/view.php?id=CVE-2024-42771
22 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "room_name" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Edit%20Room.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-42763
https://notcve.org/view.php?id=CVE-2024-42763
22 Aug 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the "bookingdate" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Reflected%20XSS%20-%20Book%20Ticket.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •