CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-9717 – Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9717
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. •
CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2024-9763 – Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9763
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-42640
https://notcve.org/view.php?id=CVE-2024-42640
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. • https://github.com/rvizx/CVE-2024-42640 https://github.com/adonespitogo/angular-base64-upload https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45316 – SonicWALL Connect Tunnel Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-45316
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-46532
https://notcve.org/view.php?id=CVE-2024-46532
SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. • https://github.com/KamenRiderDarker/CVE-2024-46532 http://openhis.com https://github.com/1638824607/OpenHIS?tab=readme-ov-file https://github.com/KamenRiderDarker/CVE-2024-46532/tree/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •