CVE-2024-6781 – Calibre Arbitrary File Read
https://notcve.org/view.php?id=CVE-2024-6781
06 Aug 2024 — Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution. • https://github.com/kovidgoyal/calibre/commit/bcd0ab12c41a887f8290a9b56e46c3a29038d9c4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-39227
https://notcve.org/view.php?id=CVE-2024-39227
06 Aug 2024 — This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly perform a directory traversal via crafted JSON data. • http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVE-2024-28740
https://notcve.org/view.php?id=CVE-2024-28740
06 Aug 2024 — A cross-site scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additional-contents.pl component. • https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-39225
https://notcve.org/view.php?id=CVE-2024-39225
06 Aug 2024 — GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. • http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2024-41226
https://notcve.org/view.php?id=CVE-2024-41226
06 Aug 2024 — A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. • https://medium.com/%40aksalsalimi/cve-2024-41226-response-manipulation-led-to-csv-injection-9ae3182dcc02 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2024-7565 – SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7565
06 Aug 2024 — SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. ... An attacker can leverage this vulnerability to execute code in the context of the current user. An attack... • https://www.soapui.org/downloads/latest-release/release-notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-28739
https://notcve.org/view.php?id=CVE-2024-28739
06 Aug 2024 — An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. • https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-39226
https://notcve.org/view.php?id=CVE-2024-39226
06 Aug 2024 — This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly perform a directory traversal via crafted JSON data. • http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-34344 – Remote code execution via the browser when running the test locally in nuxt
https://notcve.org/view.php?id=CVE-2024-34344
05 Aug 2024 — Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in remote code execution from the malicious web page. • https://github.com/nuxt/nuxt/security/advisories/GHSA-v784-fjjh-f8r4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-23657 – Path Traversal: '../filedir' in Nuxt Devtools
https://notcve.org/view.php?id=CVE-2024-23657
05 Aug 2024 — In certain configurations an attacker could leak the devtools authentication token and then abuse other RPC functions to achieve RCE. The `getTextAssetContent` function does not check for path traversals, which could allow an attacker to read arbitrary files over the RPC WebSocket. • https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/dev-auth.ts#L14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-24: Path Traversal: '../filedir' •