CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45824 – FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation
https://notcve.org/view.php?id=CVE-2024-45824
The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-28991 – SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-28991
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28991 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2020-24061
https://notcve.org/view.php?id=CVE-2020-24061
Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script • https://github.com/0xadik/CVEs/tree/main/CVE-2020-24061 https://medium.com/%40sadikul.islam/kasda-kw5515-cross-site-scripting-html-injection-e6cb9f65ae89?sk=5e1ea8e1cba8dbeaff7f9cd710808354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 1CVE-2024-29847 – Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29847
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://github.com/horizon3ai/CVE-2024-29847 https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27114 – Remote Code Execution through File Upload in SOPlanning before 1.52.02
https://notcve.org/view.php?id=CVE-2024-27114
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. • https://csirt.divd.nl/CVE-2024-27114 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •