CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37868
https://notcve.org/view.php?id=CVE-2024-37868
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable. • https://gist.github.com/TERRENCE-REX/bfca92171143e28899bb8511f311f9ed https://github.com/TERRENCE-REX/CVE/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-46486
https://notcve.org/view.php?id=CVE-2024-46486
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. • https://github.com/fishykz/TP-POC https://yuhehe88.github.io/2024/09/04/TL-WDR5620-Gigabit-Edition-v2-3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37869
https://notcve.org/view.php?id=CVE-2024-37869
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable • https://gist.github.com/TERRENCE-REX/7e5dfdd3583bf9fd81196f557a8b8879 https://github.com/TERRENCE-REX/CVE/issues/2 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41988 – Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter
https://notcve.org/view.php?id=CVE-2024-41988
This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47561 – Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)
https://notcve.org/view.php?id=CVE-2024-47561
This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute. • https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x https://access.redhat.com/security/cve/CVE-2024-47561 https://bugzilla.redhat.com/show_bug.cgi?id=2316116 • CWE-502: Deserialization of Untrusted Data •