CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48962 – Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE)
https://notcve.org/view.php?id=CVE-2024-48962
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue. • https://issues.apache.org/jira/browse/OFBIZ-13162 https://lists.apache.org/thread/6sddh4pts90cp8ktshqb4xykdp6lb6q6 https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-352: Cross-Site Request Forgery (CSRF) CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2015-20111
https://notcve.org/view.php?id=CVE-2015-20111
In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation. • https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures https://github.com/miniupnp/miniupnp/commit/4c90b87ce3d2517097880279e8c3daa7731100e6 https://github.com/miniupnp/miniupnp/pull/157 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51053
https://notcve.org/view.php?id=CVE-2024-51053
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://binqqer.com/posts/CVE-2024-51053 https://vulners.com/packetstorm/PACKETSTORM:173122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50849
https://notcve.org/view.php?id=CVE-2024-50849
Cross-Site Scripting (XSS) in the "Rules" functionality in WordServer 11.8.2 allows a remote authenticated attacker to execute arbitrary code. • https://github.com/Wh1teSnak3/CVE-2024-50849 https://www.trados.com/product/worldserver • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-33231
https://notcve.org/view.php?id=CVE-2024-33231
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. • https://github.com/fdzdev/CVE-2024-33231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •