
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Jul 2024 — Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component. • https://gist.github.com/Xandsz/2b409acb81e846fc3478600f984785a1 •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Jul 2024 — An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi? • https://gist.github.com/LemonSec/6aaea8320187a38e1a398fa321f12303 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Jul 2024 — Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to execute arbitrary code. • https://medium.com/%40prizmant/hacking-punkbuster-e22e6cf2f36e • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Jul 2024 — Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.4 and earlier allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. ... Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. • https://github.com/pamoutaf/CVE-2024-34329 •

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jul 2024 — An attacker can construct a crafted Iced model that uses Java gadgets and leads to arbitrary code execution when imported to the H2O platform. • https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518 • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jul 2024 — A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid. • https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2024 — This issue may lead to Remote Code Execution (RCE) and has been addressed by commit `c52f07c`. • https://github.com/havenweb/haven/commit/c52f07c • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2024 — Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product. • https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97 •

CVSS: 4.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2024 — Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. • https://gist.github.com/DefensiumDevelopers/608be4d10b016dce0566925368a8b08c#file-cve-2024-41597-md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

19 Jul 2024 — AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg. • https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •