CVSS: 6.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-48987
https://notcve.org/view.php?id=CVE-2024-48987
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. • https://github.com/snipe/snipe-it/releases/tag/v7.0.10 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-46532
https://notcve.org/view.php?id=CVE-2024-46532
SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. • https://github.com/KamenRiderDarker/CVE-2024-46532 http://openhis.com https://github.com/1638824607/OpenHIS?tab=readme-ov-file https://github.com/KamenRiderDarker/CVE-2024-46532/tree/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48827
https://notcve.org/view.php?id=CVE-2024-48827
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. • https://github.com/sbondCo/Watcharr https://github.com/sbondCo/Watcharr/releases/tag/v1.43.0 https://github.com/yamerooo123/CVE/blob/main/CVE-2024-48827/Description.md • CWE-613: Insufficient Session Expiration •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47966 – Use of Uninitialized Variable vulnerability in Delta Electronics CNCSoft-G2
https://notcve.org/view.php?id=CVE-2024-47966
An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21 • CWE-457: Use of Uninitialized Variable •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47965 – Out-of-bounds Read vulnerability in Delta Electronics CNCSoft-G2
https://notcve.org/view.php?id=CVE-2024-47965
An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21 • CWE-125: Out-of-bounds Read •