CVE-2024-51774
https://notcve.org/view.php?id=CVE-2024-51774
qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. • id=42004219 https://sharpsec.run/rce-vulnerability-in-qbittorrent https://www.qbittorrent.org/news • CWE-295: Improper Certificate Validation
CVE-2024-9896 – BBP Core – Expand bbPress powered forums with useful features <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter
https://notcve.org/view.php?id=CVE-2024-9896
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/bbp-core/trunk/includes/features/bbpc_attachments/code/front.php#L284 https://plugins.trac.wordpress.org/changeset/3179353 https://wordpress.org/plugins/bbp-core/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/a329cf0a-8800-470a-9657-452f26112956? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7456 – SQL Injection in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-7456
A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, allowing for SQL injection. The `orderByClause` variable is constructed without server-side validation or sanitization, enabling an attacker to execute arbitrary SQL commands. • https://github.com/lunary-ai/lunary/commit/6a0bc201181e0f4a0cc375ccf4ef0d7ae65c8a8e https://huntr.com/bounties/bfb3015e-5642-4d94-ab49-e8b49c4e07e4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-51432
https://notcve.org/view.php?id=CVE-2024-51432
Cross-site scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List, which is not sanitized. • https://en.fiberhome.com https://github.com/MatJosephs/CVEs/tree/main/CVE-2024-51432 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48410
https://notcve.org/view.php?id=CVE-2024-48410
Cross-site scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitrary code via login.php. • https://gist.github.com/Youns92/e7cd3f5d18ab089320f72c51fa3977de • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')