CVE-2024-54790
https://notcve.org/view.php?id=CVE-2024-54790
19 Dec 2024 — A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Pre-School%20Enrollment/SQL%20Injection%20pr-school%20i.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-12695 – Debian Security Advisory 5834-1
https://notcve.org/view.php?id=CVE-2024-12695
18 Dec 2024 — Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. ... (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html • CWE-787: Out-of-bounds Write •
CVE-2024-12693 – Debian Security Advisory 5834-1
https://notcve.org/view.php?id=CVE-2024-12693
18 Dec 2024 — Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. ... (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html •
CVE-2024-56145 – RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
https://notcve.org/view.php?id=CVE-2024-56145
18 Dec 2024 — For these users an unspecified remote code execution vector is present. • https://github.com/Sachinart/CVE-2024-56145-craftcms-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-12741 – Deserialization Of Untrusted Data Vulnerability In NI DAQExpress Project File
https://notcve.org/view.php?id=CVE-2024-12741
18 Dec 2024 — A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. • https://knowledge.ni.com/KnowledgeArticleDetails?id=kA00Z000000kFD7SAM&l=en-US • CWE-502: Deserialization of Untrusted Data •
CVE-2024-55952 – Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-55952
18 Dec 2024 — Authenticated users can remotely execute code through the backend JDBC connection. • https://github.com/dataease/dataease/commit/0db4872a52eccf6e83dd9359aa05db52dd580ec1 • CWE-20: Improper Input Validation •
CVE-2024-12372 – Rockwell Automation PowerMonitor™ 1000 Denial of Service
https://notcve.org/view.php?id=CVE-2024-12372
18 Dec 2024 — A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-12371 – Rockwell Automation PowerMonitor™ 1000 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-12371
18 Dec 2024 — A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via the API. The Policyholder user is the most privileged user and can perform edit operations, create admin users and perform a factory reset. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-306: Missing Authentication for Critical Function •
CVE-2024-21546
https://notcve.org/view.php?id=CVE-2024-21546
18 Dec 2024 — Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the `.` character after the php file extension. This allows the attacker to execute malicious code. • https://gist.github.com/ImHades101/338a06816ef97262ba632af9c78b78ca • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-55506
https://notcve.org/view.php?id=CVE-2024-55506
18 Dec 2024 — An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter. • https://github.com/CV1523/CVEs/blob/main/CVE-2024-55506.md • CWE-639: Authorization Bypass Through User-Controlled Key •