CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-46890
https://notcve.org/view.php?id=CVE-2024-46890
This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS. • https://cert-portal.siemens.com/productcert/html/ssa-915275.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-44102
https://notcve.org/view.php?id=CVE-2024-44102
The affected system allows remote users to send maliciously crafted objects. ... This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges. • https://cert-portal.siemens.com/productcert/html/ssa-454789.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2023-32736
https://notcve.org/view.php?id=CVE-2023-32736
This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. • https://cert-portal.siemens.com/productcert/html/ssa-871035.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47590 – Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher
https://notcve.org/view.php?id=CVE-2024-47590
When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability. • https://me.sap.com/notes/3520281 https://url.sap/sapsecuritypatchday • CWE-791: Incomplete Filtering of Special Elements •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10820 – WooCommerce Upload Files <= 84.3 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10820
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/woocommerce-upload-files/11442983 https://www.wordfence.com/threat-intel/vulnerabilities/id/b9371b37-53c5-4a4f-a500-c6d58d4d3c5a?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •