CVSS: 9.8EPSS: 96%CPEs: -EXPL: 1CVE-2024-5217 – ServiceNow Incomplete List of Disallowed Inputs Vulnerability
https://notcve.org/view.php?id=CVE-2024-5217
This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ... An unauthenticated user could exploit this vulnerability to execute code remotely. • https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning https://support.servicenow.com/kb?... id=kb_article_view&sysparm_article=KB1648313 https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 9.8EPSS: 96%CPEs: -EXPL: 10CVE-2024-4879 – ServiceNow Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4879
This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ... An unauthenticated user could exploit this vulnerability to execute code remotely. • https://github.com/Praison001/CVE-2024-4879-ServiceNow https://github.com/Brut-Security/CVE-2024-4879 https://github.com/bigb0x/CVE-2024-4879 https://github.com/Mr-r00t11/CVE-2024-4879 https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning https://github.com/ShadowByte1/CVE-2024-4879 https://github.com/zgimszhd61/CVE-2024-4879 https://github.com/jdusane/CVE-2024-4879 https://github.com/fa-rrel/CVE-2024-4879 https://github.com/ • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-37770
https://notcve.org/view.php?id=CVE-2024-37770
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. Se descubrió que 14Finger v1.1 contenía una vulnerabilidad de ejecución remota de comandos (RCE) en la función de huellas dactilares. • https://github.com/k3ppf0r/CVE-2024-37770 https://github.com/b1ackc4t/14Finger/issues/13 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-35154 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2024-35154
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292641 https://www.ibm.com/support/pages/node/7159825 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39883 – Heap-based Buffer Overflow in Delta Electronics CNCSoft-G2
https://notcve.org/view.php?id=CVE-2024-39883
If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01 • CWE-122: Heap-based Buffer Overflow •