CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8149 – BUG-000168624 - Unvalidated redirect in Portal for ArcGIS.
https://notcve.org/view.php?id=CVE-2024-8149
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47655 – Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2024-47655
An authenticated remote attacker could exploit this vulnerability by uploading malicious file, which could lead to remote code execution on targeted application. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41512
https://notcve.org/view.php?id=CVE-2024-41512
A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter. • http://cadclick.de http://kimweb.de https://piuswalter.de/blog/multiple-critical-vulnerabilities-in-cadclick • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37868
https://notcve.org/view.php?id=CVE-2024-37868
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable. • https://gist.github.com/TERRENCE-REX/bfca92171143e28899bb8511f311f9ed https://github.com/TERRENCE-REX/CVE/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-46486
https://notcve.org/view.php?id=CVE-2024-46486
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. • https://github.com/fishykz/TP-POC https://yuhehe88.github.io/2024/09/04/TL-WDR5620-Gigabit-Edition-v2-3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •