CVSS: 7.2EPSS: 1%CPEs: 71EXPL: 0CVE-2024-34110 – RCE in the Adobe Commerce Webhook module through a legit webhook definition
https://notcve.org/view.php?id=CVE-2024-34110
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 71EXPL: 0CVE-2024-34111 – SSRF in service connector
https://notcve.org/view.php?id=CVE-2024-34111
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause the server to execute arbitrary code. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 97%CPEs: 71EXPL: 19CVE-2024-34102 – Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
https://notcve.org/view.php?id=CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. ... Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution. • https://github.com/bigb0x/CVE-2024-34102 https://github.com/11whoami99/CVE-2024-34102 https://github.com/unknownzerobit/poc https://github.com/d0rb/CVE-2024-34102 https://github.com/bughuntar/CVE-2024-34102 https://github.com/bughuntar/CVE-2024-34102-Python https://github.com/Chocapikk/CVE-2024-34102 https://github.com/th3gokul/CVE-2024-34102 https://github.com/0x0d3ad/CVE-2024-34102 https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-23144 – Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23144
A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37003 – Autodesk AutoCAD SLDPRT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-37003
A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-121: Stack-based Buffer Overflow •