CVSS: 8.3EPSS: 0%CPEs: 71EXPL: 0CVE-2024-34110 – RCE in the Adobe Commerce Webhook module through a legit webhook definition
https://notcve.org/view.php?id=CVE-2024-34110
13 Jun 2024 — Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 71EXPL: 0CVE-2024-34111 – SSRF in service connector
https://notcve.org/view.php?id=CVE-2024-34111
13 Jun 2024 — Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause the server to execute arbitrary code. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 18%CPEs: 71EXPL: 28CVE-2024-34102 – Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
https://notcve.org/view.php?id=CVE-2024-34102
13 Jun 2024 — Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. ... Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an improper restriction of XML External Entity Reference (XXE) vulnerability that could result in arbitrary code execution. Adobe Commerce and Magento Open Source contain an impr... • https://github.com/etx-Arn/CVE-2024-34102-RCE • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38295
https://notcve.org/view.php?id=CVE-2024-38295
13 Jun 2024 — ALCASAR before 3.6.1 allows still_connected.php remote code execution. • https://adullact.net/frs/download.php/file/8930/CHANGELOG.md •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38294
https://notcve.org/view.php?id=CVE-2024-38294
13 Jun 2024 — ALCASAR before 3.6.1 allows email_registration_back.php remote code execution. • https://adullact.net/frs/download.php/file/8930/CHANGELOG.md •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 50CVE-2024-2024 – Folders Pro <= 3.0.2 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload
https://notcve.org/view.php?id=CVE-2024-2024
13 Jun 2024 — This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37029 – Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-37029
13 Jun 2024 — Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5950 – Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5950
13 Jun 2024 — Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. ... An attacker can leverage this vulnera... • https://www.zerodayinitiative.com/advisories/ZDI-24-674 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30376 – Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-30376
13 Jun 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator. An attacker can leverage this vulnerability to escalate privi... • https://www.zerodayinitiative.com/advisories/ZDI-24-670 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5948 – Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5948
13 Jun 2024 — Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. ... An attacker can leverage this vulnerability... • https://www.zerodayinitiative.com/advisories/ZDI-24-672 • CWE-121: Stack-based Buffer Overflow •