CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2023-32736
https://notcve.org/view.php?id=CVE-2023-32736
This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. • https://cert-portal.siemens.com/productcert/html/ssa-871035.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11102 – SourceCodester Hospital Management System edit-doc.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11102
A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. • https://drive.google.com/file/d/1Omjwoh6B2xh41c3Av0_VJsoR7tascb1_/view?usp=sharing https://github.com/Salah-Tayeh/CVEs-and-Vulnerabilities/blob/main/Hospital%20Management%20System%20-%20Stored%20XSS.md https://vuldb.com/?ctiid.283922 https://vuldb.com/?id.283922 https://vuldb.com/?submit.441694 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47590 – Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher
https://notcve.org/view.php?id=CVE-2024-47590
When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability. • https://me.sap.com/notes/3520281 https://url.sap/sapsecuritypatchday • CWE-791: Incomplete Filtering of Special Elements •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11150 – WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-11150
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://codecanyon.net/item/user-extra-fields/12949844 https://www.wordfence.com/threat-intel/vulnerabilities/id/ad39d797-9230-41d9-a335-864845b56aa0?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-28729
https://notcve.org/view.php?id=CVE-2024-28729
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. • https://github.com/Mrnmap/mrnmap-cve https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-28729 •