CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6220 – 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6220
16 Jul 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/keydatas/trunk/keydatas.php • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-39700 – Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action
https://notcve.org/view.php?id=CVE-2024-39700
16 Jul 2024 — Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. ... Los repositorios creados usando esta plantilla con la opción `test` incluyen el flujo de trabajo `update-integration-tests.yml` que tiene una vulnerabilidad RCE. Se insta a los autores de extensiones que alojan su c... • https://github.com/LOURC0D3/CVE-2024-39700-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 24EXPL: 0CVE-2024-6655 – Gtk3: gtk2: library injection from cwd
https://notcve.org/view.php?id=CVE-2024-6655
16 Jul 2024 — If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges. • https://access.redhat.com/errata/RHSA-2024:6963 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48808 – net: dsa: fix panic when DSA master device unbinds on shutdown
https://notcve.org/view.php?id=CVE-2022-48808
16 Jul 2024 — An attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/0650bf52b31ff35dc6430fc2e37969c36baba724 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40515
https://notcve.org/view.php?id=CVE-2024-40515
16 Jul 2024 — ,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality. • https://gist.github.com/as-lky/410d6ae5c8ead88c2e0f5c641b2382ec • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40425
https://notcve.org/view.php?id=CVE-2024-40425
16 Jul 2024 — File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component. • https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40516
https://notcve.org/view.php?id=CVE-2024-40516
16 Jul 2024 — ., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality. • https://gist.github.com/as-lky/2acc62c6283c7a1fe3af046b05091d15 • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38768 – WordPress The Pack Elementor addons plugin <= 2.0.8.6 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38768
16 Jul 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-8-6-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39915 – Authenticated remote code execution in Thruk
https://notcve.org/view.php?id=CVE-2024-39915
15 Jul 2024 — This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. ... Este RCE autenticado en Thruk permite a los usuarios autorizados con acceso a la red inyectar comandos arbitrarios a través del parámetro URL durante la generación de informes PDF. • https://github.com/sni/Thruk/commit/7e7eb251e76718a07639c4781f0d959d817f173b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38493 – Symantec Privileged Access Manager Reflected Cross Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2024-38493
15 Jul 2024 — A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •