CVE-2024-5084 – Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-5084
This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible. • source=cve https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/hash-form/hash-form-drag-drop-form-builder-110-unauthenticated-arbitrary-file-upload-to-remote-code-execution • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-21683 – Atlassian Confluence Administrator Code Macro Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-21683
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. ... This high-severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS score of 8.3, allows an authenticated attacker to execute arbitrary code which has a high impact on confidentiality, a high impact on integrity, a high impact on availability, and requires no user interaction. • https://github.com/W01fh4cker/CVE-2024-21683-RCE https://github.com/xh4vm/CVE-2024-21683 https://github.com/r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server https://github.com/phucrio/CVE-2024-21683-RCE https://confluence.atlassian.com/pages/viewpage.action? •
CVE-2024-5040 – LCDS LAquis SCADA Path Traversal
https://notcve.org/view.php?id=CVE-2024-5040
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. ... An attacker can leverage this vulnerability to execute code in the context of the logged-in user. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-142-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-34274
https://notcve.org/view.php?id=CVE-2024-34274
The cookies bdglobals and bdclient_spot of the OpenBD software use serialized data, which can be used to execute arbitrary code on the system. • https://github.com/OpenBD/openbd-core/issues/89 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-33525
https://notcve.org/view.php?id=CVE-2024-33525
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. • baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170040 https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •