CVSS: 9.8EPSS: %CPEs: 1EXPL: 1CVE-2024-34909
https://notcve.org/view.php?id=CVE-2024-34909
An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. • https://github.com/Joying-C/Cross-site-scripting-vulnerability/tree/main/KYKMS_Cross_site%20_scripting%20_vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.3EPSS: %CPEs: 1EXPL: 1CVE-2024-34906
https://notcve.org/view.php?id=CVE-2024-34906
An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. • https://github.com/kuaifan/dootask/issues/210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 148EXPL: 0CVE-2024-20366
https://notcve.org/view.php?id=CVE-2024-20366
A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D • CWE-73: External Control of File Name or Path •
CVSS: 6.8EPSS: 0%CPEs: 37EXPL: 0CVE-2024-20391
https://notcve.org/view.php?id=CVE-2024-20391
A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-20392
https://notcve.org/view.php?id=CVE-2024-20392
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. ... A successful exploit could allow the attacker to perform cross-site scripting (XSS) attacks, resulting in the execution of arbitrary script code in the browser of the targeted user, or could allow the attacker to access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-http-split-GLrnnOwS • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •