CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48534
https://notcve.org/view.php?id=CVE-2024-48534
A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. • https://github.com/esoft-planner-cve/esoft_planner_cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11477 – 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11477
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. ... An attacker can leverage this vulnerability to execute code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1532 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-52725
https://notcve.org/view.php?id=CVE-2024-52725
SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component. • http://semcms.com https://github.com/Megrez0423/Seecms •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-52739
https://notcve.org/view.php?id=CVE-2024-52739
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. • https://github.com/faqiadegege/IoTVuln/blob/main/DI_8400_msp_info_htm_rce/detail.md https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-52769
https://notcve.org/view.php?id=CVE-2024-52769
An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://co-a1natas.feishu.cn/docx/Zsd9dnGUvoBW6tx0G5fcVx6vnBb https://github.com/DedeBIZ/DedeV6 •