CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36528
https://notcve.org/view.php?id=CVE-2024-36528
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php. • https://mat4mee.notion.site/2-bug-chains-in-nukeViet-lead-to-RCE-bdd42b20b05a448fbe87c752b41bb15f • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5723 – Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5723
Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. ... An attacker can leverage this vulnerability to execute code in the context of the apache user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. ... An attacker can leverage this vulnerability to execute code in the context of the apache user. • https://www.zerodayinitiative.com/advisories/ZDI-24-595 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37014
https://notcve.org/view.php?id=CVE-2024-37014
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. • https://github.com/langflow-ai/langflow/issues/1973 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2023-51634 – NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51634
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. •
CVSS: 5.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-36531
https://notcve.org/view.php?id=CVE-2024-36531
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. • https://mat4mee.notion.site/Module-upload-in-nukeViet-leads-to-RCE-01ff3ff4c80d402d8c7c8a2b15a24c33 • CWE-94: Improper Control of Generation of Code ('Code Injection') •