CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2024-46373
https://notcve.org/view.php?id=CVE-2024-46373
Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. • https://github.com/gaorenyusi/gaorenyusi/blob/main/CVE-2024-46373.md •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45803 – Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui
https://notcve.org/view.php?id=CVE-2024-45803
Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. ... By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. • https://github.com/wireui/wireui/commit/784c4f110e58eb41d0f2bdecd4655ea417f16e7e https://github.com/wireui/wireui/commit/a457654912055f4dcc559da04d4e319f76b80fc5 https://github.com/wireui/wireui/security/advisories/GHSA-rw5h-g8xq-6877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-45798 – Multiple Poisoned Pipeline Execution (PPE) vulnerabilities
https://notcve.org/view.php?id=CVE-2024-45798
The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). • https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection https://github.com/espressif/arduino-esp32/blob/690bdb511d9f001e2066da2dda2c631a3eee270f/.github/workflows/tests_results.yml https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8 https://securitylab.github.com/research/github-actions-preventing-pwn-requests https://securitylab.github.com/research/github-actions-untrusted-input • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42503 – Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the AOS Command Line Interface (CLI)
https://notcve.org/view.php?id=CVE-2024-42503
Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42502 – Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interface
https://notcve.org/view.php?id=CVE-2024-42502
Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •