CVSS: 8.3EPSS: 0%CPEs: 26EXPL: 0CVE-2024-49089 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49089
10 Dec 2024 — Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49089 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-49086 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49086
10 Dec 2024 — Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49086 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-49085 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49085
10 Dec 2024 — Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49085 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49070 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49070
10 Dec 2024 — Microsoft SharePoint Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49070 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49069 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49069
10 Dec 2024 — Microsoft Excel Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49069 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-54152 – Angular Expressions - Remote Code Execution when using locals
https://notcve.org/view.php?id=CVE-2024-54152
10 Dec 2024 — Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one can get full access to Arbitrary code execution on the system. • https://github.com/math-x-io/CVE-2024-54152-poc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: 40EXPL: 0CVE-2024-49849
https://notcve.org/view.php?id=CVE-2024-49849
10 Dec 2024 — This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. • https://cert-portal.siemens.com/productcert/html/ssa-800126.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-37143
https://notcve.org/view.php?id=CVE-2024-37143
10 Dec 2024 — An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system. • https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-53481
https://notcve.org/view.php?id=CVE-2024-53481
10 Dec 2024 — A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters. • http://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50930
https://notcve.org/view.php?id=CVE-2024-50930
10 Dec 2024 — An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code. • https://github.com/CNK2100/2024-CVE/blob/main/README.md • CWE-281: Improper Preservation of Permissions •