
CVSS: 6.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

Exploitation of this vulnerability could allow a remote user to execute arbitrary code. • https://github.com/gsmith257-cyber/CVE-2024-37843-POC • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions

CVSS: 5.4 • EPSS: 0% • CPEs: - • EXPL: 0

Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the Category name component. • https://gist.github.com/s4fv4n/0d7a5093886cf41d9c478166e4aeec64 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

SQL Injection vulnerability in Sourcecodester php task management system v1.0 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to update-admin.php. • https://github.com/xuanluansec/vul/blob/main/vul/2/README-SQL-2.md • https://github.com/xuanluansec/vul/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.1 • EPSS: 0% • CPEs: - • EXPL: 0

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command. • https://raw.githubusercontent.com/MostafaSoliman/Security-Advisories/master/CVE-2024-24486 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

SQL Injection vulnerability in Sourcecodester php task management system v1.0 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to admin-manage-user.php. • https://github.com/xuanluansec/vul/blob/main/vul/1/README.md • https://github.com/xuanluansec/vul/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')