CVE-2024-3272 – D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
https://notcve.org/view.php?id=CVE-2024-3272
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. • https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE https://github.com/netsecfish/dlink https://supportannouncement.us.dlink.com/security/publication.aspx? • CWE-798: Use of Hard-coded Credentials
CVE-2020-25730
https://notcve.org/view.php?id=CVE-2020-25730
Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the PHP_SELF component in classic/views/download.php. • https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30565
https://notcve.org/view.php?id=CVE-2024-30565
An issue in SeaCMS version 12.9 allows remote attackers to execute arbitrary code via admin notify.php. • https://github.com/XiLitter/CMS_vulnerability-discovery/blob/main/SeaCMS_v.12.9.md • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-36645
https://notcve.org/view.php?id=CVE-2023-36645
SQL injection vulnerability in ITB-GmbH TradePro v9.5 allows remote attackers to run SQL queries via the oordershow component in the customer function. • https://github.com/caffeinated-labs/CVE-2023-36645 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-25503
https://notcve.org/view.php?id=CVE-2024-25503
Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function. • https://github.com/EQSTLab/CVE-2024-25503 https://github.com/EQSTLab/PoC/tree/main/2024/XSS/CVE-2024-25503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')