CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-55637 – Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007
https://notcve.org/view.php?id=CVE-2024-55637
09 Dec 2024 — This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. • https://www.drupal.org/sa-core-2024-007 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-55636 – Drupal core - Less critical - Gadget chain - SA-CORE-2024-006
https://notcve.org/view.php?id=CVE-2024-55636
09 Dec 2024 — This so called gadget chain presents no direct threat, but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. • https://www.drupal.org/sa-core-2024-006 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11608
https://notcve.org/view.php?id=CVE-2024-11608
09 Dec 2024 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0026 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11454 – Untrusted Search Path vulnerability in Autodesk Revit
https://notcve.org/view.php?id=CVE-2024-11454
09 Dec 2024 — A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0025 • CWE-426: Untrusted Search Path •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7298 – Out-of-Bounds Write Vulnerability in in Autodesk Desktop Software
https://notcve.org/view.php?id=CVE-2023-7298
09 Dec 2024 — A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2023-0025 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2023-43962
https://notcve.org/view.php?id=CVE-2023-43962
09 Dec 2024 — Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab. • https://github.com/Cosemz/CVE/blob/main/xunruicms/XunRuiCms%20Stored%20XSS%20%28Authenticated%29.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2022-38946
https://notcve.org/view.php?id=CVE-2022-38946
09 Dec 2024 — Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code. • https://github.com/Cosemz/CVE/blob/main/Doctor-Appointment.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2022-38947
https://notcve.org/view.php?id=CVE-2022-38947
09 Dec 2024 — SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code. • https://github.com/Cosemz/CVE/blob/main/Flipkart-Clone-PHP/Flipkart-Clone-PHP.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54918
https://notcve.org/view.php?id=CVE-2024-54918
09 Dec 2024 — Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/RCE%20by%20File%20Upload%20-%20Update%20Avatar.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-55580
https://notcve.org/view.php?id=CVE-2024-55580
09 Dec 2024 — Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. • https://community.qlik.com/t5/Official-Support-Articles/High-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows-CVEs/tac-p/2496004 • CWE-94: Improper Control of Generation of Code ('Code Injection') •