CVE-2024-49070 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49070
10 Dec 2024 — Microsoft SharePoint Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49070 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-49069 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49069
10 Dec 2024 — Microsoft Excel Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49069 • CWE-416: Use After Free •
CVE-2024-54152 – Angular Expressions - Remote Code Execution when using locals
https://notcve.org/view.php?id=CVE-2024-54152
10 Dec 2024 — Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one can achieve full arbitrary code execution on the system. • https://github.com/math-x-io/CVE-2024-54152-poc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-49849
https://notcve.org/view.php?id=CVE-2024-49849
10 Dec 2024 — This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. • https://cert-portal.siemens.com/productcert/html/ssa-800126.html • CWE-502: Deserialization of Untrusted Data •
CVE-2024-47977 – Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47977
10 Dec 2024 — Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements use... • https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-47484 – Dell Avamar Web Restore Login Action SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47484
10 Dec 2024 — Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements... • https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-37143
https://notcve.org/view.php?id=CVE-2024-37143
10 Dec 2024 — An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system. • https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-53481
https://notcve.org/view.php?id=CVE-2024-53481
10 Dec 2024 — A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters. • http://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-50930
https://notcve.org/view.php?id=CVE-2024-50930
10 Dec 2024 — An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code. • https://github.com/CNK2100/2024-CVE/blob/main/README.md • CWE-281: Improper Preservation of Permissions •
CVE-2024-55638 – Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008
https://notcve.org/view.php?id=CVE-2024-55638
09 Dec 2024 — This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. • https://www.drupal.org/sa-core-2024-008 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •