CVE-2022-48808 – net: dsa: fix panic when DSA master device unbinds on shutdown
https://notcve.org/view.php?id=CVE-2022-48808
16 Jul 2024 — An attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/0650bf52b31ff35dc6430fc2e37969c36baba724 •
CVE-2024-40516
https://notcve.org/view.php?id=CVE-2024-40516
16 Jul 2024 — ., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality. • https://gist.github.com/as-lky/2acc62c6283c7a1fe3af046b05091d15 • CWE-940: Improper Verification of Source of a Communication Channel •
CVE-2024-40425
https://notcve.org/view.php?id=CVE-2024-40425
16 Jul 2024 — File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before) allows a remote attacker to execute arbitrary code via the contorller/common.php component. • https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-40515
https://notcve.org/view.php?id=CVE-2024-40515
16 Jul 2024 — ,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality. • https://gist.github.com/as-lky/410d6ae5c8ead88c2e0f5c641b2382ec • CWE-940: Improper Verification of Source of a Communication Channel •
CVE-2024-6467 – BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2024-6467
16 Jul 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files on the server, allowing the execution of any PHP code in those files or the exposure of sensitive information. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files (either on the local server or from a remote location), allowing the ... • https://plugins.trac.wordpress.org/changeset/3116857/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress.php • CWE-73: External Control of File Name or Path •
CVE-2024-38768 – WordPress The Pack Elementor addons plugin <= 2.0.8.6 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38768
16 Jul 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-8-6-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-39915 – Authenticated remote code execution in Thruk
https://notcve.org/view.php?id=CVE-2024-39915
15 Jul 2024 — This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. • https://github.com/sni/Thruk/commit/7e7eb251e76718a07639c4781f0d959d817f173b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-36456 – Symantec Privileged Access Manager Remote Command Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-36456
15 Jul 2024 — This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-46801 – Apache Linkis DataSource: DataSource Remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-46801
15 Jul 2024 — In Apache Linkis <= 1.5.0, the data source management module has a remote code execution vulnerability when adding a MySQL data source, for Java versions < 1.8.0_241. • https://lists.apache.org/thread/0dnzh64xy1n7qo3rgo2loz9zn7m9xgdx • CWE-502: Deserialization of Untrusted Data •
CVE-2024-21513
https://notcve.org/view.php?id=CVE-2024-21513
15 Jul 2024 — Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution: when retrieving values from the database, the code attempts to call 'eval' on every value. An attacker can exploit this vulnerability and execute arbitrary Python code if they can control the input prompt and the server is configured with VectorSQLDatabaseChain. **Notes:** Impact on the Confidentiality, Integrity and Availability of the vulnerable comp... • https://github.com/langchain-ai/langchain/blob/672907bbbb7c38bf19787b78e4ffd7c8a9026fe4/libs/experimental/langchain_experimental/sql/vector_sql.py%23L81 • CWE-94: Improper Control of Generation of Code ('Code Injection') •