CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42323 – Apache HertzBeat: RCE by snakeYaml deser load malicious xml
https://notcve.org/view.php?id=CVE-2024-42323
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue. • https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-41721 – bhyve(8) out-of-bounds read access via XHCI emulation
https://notcve.org/view.php?id=CVE-2024-41721
An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution. • https://security.freebsd.org/advisories/FreeBSD-SA-24:15.bhyve.asc • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46640
https://notcve.org/view.php?id=CVE-2024-46640
SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method. • https://gitee.com/zheng_botong/CVE-2024-46640 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45489
https://notcve.org/view.php?id=CVE-2024-45489
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. • https://kibty.town/blog/arc https://news.ycombinator.com/item?id=41597250 https://arc.net/blog/CVE-2024-45489-incident-response • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-42697
https://notcve.org/view.php?id=CVE-2024-42697
Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function. • https://github.com/JustDinooo/CVEs/blob/main/CVE-2024-42697/poc.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •