CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0

This makes it possible for unauthenticated attackers to modify templates and achieve remote code execution via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of a code vulnerability within the product's solution open-source libraries. • https://support.hp.com/us-en/document/ish_11074404-11074432-16 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W https://github.com/yali-1002/some-poc/blob/main/CVE-2024-44342 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/3e815531-f966-44a1-a037-8077a40c83b0?source=cve https://plugins.trac.wordpress.org/browser/funnelforms-free/tags/3.7.3.2/admin/menu_ajax_functions/formularbuilder_fonts.php#L59 https://plugins.trac.wordpress.org/browser/funnelforms-free/tags/3.7.4.1/admin/menu_ajax_functions/formularbuilder_fonts.php?rev=3141470#L17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. • http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W https://github.com/yali-1002/some-poc/blob/main/CVE-2024-44341 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')