
CVE-2024-48656
https://notcve.org/view.php?id=CVE-2024-48656
22 Oct 2024 — Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. • https://github.com/LeiPudd/Student-Management-System-v1.0-has-Cross-site-Scripting-XSS- • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-48605 – Helakuru 1.1 DLL Hijacking
https://notcve.org/view.php?id=CVE-2024-48605
22 Oct 2024 — An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. Helakuru version 1.1 suffers from a DLL hijacking vulnerability. • https://clement.notin.org/blog/2020/09/12/CVE-2020-7315-McAfee-Agent-DLL-injection • CWE-427: Uncontrolled Search Path Element •

CVE-2024-26519
https://notcve.org/view.php?id=CVE-2024-26519
22 Oct 2024 — An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component. • https://cybercx.com.au/blog/zero-day-rce-in-netcomm-ntc-221-industrial-iot-m2m-lte-4g-router • CWE-306: Missing Authentication for Critical Function •

CVE-2024-48657
https://notcve.org/view.php?id=CVE-2024-48657
22 Oct 2024 — SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. • https://github.com/LeiPudd/Hospital-Management-System-v1.0-has-SQL-Injection-SQLDET- • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-46482
https://notcve.org/view.php?id=CVE-2024-46482
22 Oct 2024 — An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file. • https://github.com/Asadiqbal2/Vulnerabilities-Research/tree/main/CVE-2024-46482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2022-23862
https://notcve.org/view.php?id=CVE-2022-23862
22 Oct 2024 — Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user. • https://github.com/mbadanoiu/CVE-2022-23862 • CWE-306: Missing Authentication for Critical Function •

CVE-2024-48652
https://notcve.org/view.php?id=CVE-2024-48652
22 Oct 2024 — Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows a remote attacker to execute arbitrary code via the content group name field. • https://github.com/paragbagul111/CVE-2024-48652 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-40494
https://notcve.org/view.php?id=CVE-2024-40494
22 Oct 2024 — Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet. • https://gist.github.com/dqp10515/e9d7d663cb89187bfe7b39bb3aeb0113 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-40493
https://notcve.org/view.php?id=CVE-2024-40493
22 Oct 2024 — Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`. • https://gist.github.com/dqp10515/fe80005e2fb58ed8ada178ac017e4ad4 • CWE-476: NULL Pointer Dereference •

CVE-2024-45518
https://notcve.org/view.php?id=CVE-2024-45518
22 Oct 2024 — This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE). • https://wiki.zimbra.com/wiki/Security_Center • CWE-918: Server-Side Request Forgery (SSRF) •