CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2022-38947
https://notcve.org/view.php?id=CVE-2022-38947
09 Dec 2024 — SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code. • https://github.com/Cosemz/CVE/blob/main/Flipkart-Clone-PHP/Flipkart-Clone-PHP.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2023-43962
https://notcve.org/view.php?id=CVE-2023-43962
09 Dec 2024 — Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab. • https://github.com/Cosemz/CVE/blob/main/xunruicms/XunRuiCms%20Stored%20XSS%20%28Authenticated%29.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50628
https://notcve.org/view.php?id=CVE-2024-50628
09 Dec 2024 — It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues. • https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2022-38946
https://notcve.org/view.php?id=CVE-2022-38946
09 Dec 2024 — Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code. • https://github.com/Cosemz/CVE/blob/main/Doctor-Appointment.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-48956
https://notcve.org/view.php?id=CVE-2024-48956
09 Dec 2024 — Serviceware Processes 6.0 through 7.3 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution. Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution. • https://security.serviceware-se.com/CVE-2024-48956 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1394: Use of Default Cryptographic Key •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54918
https://notcve.org/view.php?id=CVE-2024-54918
09 Dec 2024 — Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/RCE%20by%20File%20Upload%20-%20Update%20Avatar.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52320 – Planet Technology Planet WGS-804HPT Command Injection
https://notcve.org/view.php?id=CVE-2024-52320
06 Dec 2024 — An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48871 – Planet Technology Planet WGS-804HPT Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-48871
06 Dec 2024 — An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21571
https://notcve.org/view.php?id=CVE-2024-21571
06 Dec 2024 — Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent. The vulnerability enables an attacker to execute arbitrary code within the Code Agent container. Exploiting this vulnerability would require an attacker to have network access to the Code Agent within the deployment environment. • https://www.cve.org/CVERecord?id=CVE-2024-21571 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-10771 – SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable for remote code execution
https://notcve.org/view.php?id=CVE-2024-10771
06 Dec 2024 — Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. ... Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-94: Improper Control of Generation of Code ('Code Injection') •