CVE-2024-2658 – Flexera Software FlexNet Publisher Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-2658
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account.
CVE-2024-30370 – RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-30370
This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. • https://www.rarlab.com/rarnew.htm#27.%20Busgs%20fixed https://www.zerodayinitiative.com/advisories/ZDI-24-357 • CWE-693: Protection Mechanism Failure
CVE-2023-41724
https://notcve.org/view.php?id=CVE-2023-41724
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance from within the same physical or logical network. • https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-1522 – Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1522
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. • https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-3085 – PHPGurukul Emergency Ambulance Hiring Portal Admin Login Page login.php sql injection
https://notcve.org/view.php?id=CVE-2024-3085
The manipulation of the argument username leads to SQL injection. ... By manipulating the argument username with unknown data, an SQL injection vulnerability can be exploited. • https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sqli.md https://vuldb.com/? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')