CVE-2024-53564
https://notcve.org/view.php?id=CVE-2024-53564
02 Dec 2024 — An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of FreePBX v17.0.19.17 allows attackers to execute arbitrary code by uploading a crafted file. • https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-52800 – Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI
https://notcve.org/view.php?id=CVE-2024-52800
29 Nov 2024 — Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. ... Users are advised to be cautious of... • https://github.com/JAckLosingHeart/GHSA-4cx5-89vm-833x-POC • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-11482
https://notcve.org/view.php?id=CVE-2024-11482
29 Nov 2024 — A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. • https://thrive.trellix.com/s/article/000014058#h2_0 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-35451
https://notcve.org/view.php?id=CVE-2024-35451
29 Nov 2024 — LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. • https://datafarm.co.th/blog/CVE-2024-35451:-From-%28Authenticated%29-SSRF-to-Remote-Code-Execution • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-52777
https://notcve.org/view.php?id=CVE-2024-52777
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •
CVE-2024-52778
https://notcve.org/view.php?id=CVE-2024-52778
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •
CVE-2024-52779
https://notcve.org/view.php?id=CVE-2024-52779
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •
CVE-2024-52780
https://notcve.org/view.php?id=CVE-2024-52780
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •
CVE-2024-52781
https://notcve.org/view.php?id=CVE-2024-52781
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •
CVE-2024-52782
https://notcve.org/view.php?id=CVE-2024-52782
29 Nov 2024 — DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php. • https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one •