CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9006 – jeanmarc77 123solar config_invt1.php code injection
https://notcve.org/view.php?id=CVE-2024-9006
The manipulation of the argument PASSOx leads to code injection. ... Mittels dem Manipulieren des Arguments PASSOx mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/jeanmarc77/123solar/commit/f4a8c748ec436e5a79f91ccb6a6f73752b336aa5 https://github.com/jeanmarc77/123solar/issues/74 https://github.com/jeanmarc77/123solar/issues/74#issuecomment-2357653441 https://vuldb.com/?ctiid.278162 https://vuldb.com/?id.278162 https://vuldb.com/?submit.408298 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40125
https://notcve.org/view.php?id=CVE-2024-40125
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. • https://github.com/brendontkl/My-CVEs/tree/main/CVE-2024-40125 https://www.closed-loop.biz • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45858
https://notcve.org/view.php?id=CVE-2024-45858
An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. • https://hiddenlayer.com/sai-security-advisory/2024-09-guardrails • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46373
https://notcve.org/view.php?id=CVE-2024-46373
Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. • https://github.com/gaorenyusi/gaorenyusi/blob/main/CVE-2024-46373.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-46559
https://notcve.org/view.php?id=CVE-2024-46559
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#acee48e159494c479aecc1bfa87f0d83 •