CVSS: 5.4EPSS: 0%CPEs: -EXPL: 1CVE-2023-46948
https://notcve.org/view.php?id=CVE-2023-46948
A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components. • https://github.com/AzraelsBlade/CVE-2023-46948 http://temenos.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8671 – WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2024-8671
This makes it possible for unauthenticated attackers to overwrite arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://codecanyon.net/item/wooevents-calendar-and-event-booking/15598178 https://www.wordfence.com/threat-intel/vulnerabilities/id/3d7af96a-5a3c-4291-a369-f6ed78f72a3f? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-39842 – Centreon updateAccessGroupLinks SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39842
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs. This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. • https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3809 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-39843 – Centreon updateContactContactGroup SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39843
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. • https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3809 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42323 – Apache HertzBeat: RCE by snakeYaml deser load malicious xml
https://notcve.org/view.php?id=CVE-2024-42323
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue. • https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t • CWE-502: Deserialization of Untrusted Data •