CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2022-23862
https://notcve.org/view.php?id=CVE-2022-23862
Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user. • https://github.com/mbadanoiu/CVE-2022-23862 https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf https://ysoft.com • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-40493
https://notcve.org/view.php?id=CVE-2024-40493
Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`. • https://gist.github.com/dqp10515/fe80005e2fb58ed8ada178ac017e4ad4 https://github.com/keith-cullen/FreeCoAP/issues/37 • CWE-476: NULL Pointer Dereference •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-48652
https://notcve.org/view.php?id=CVE-2024-48652
Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field. • https://github.com/paragbagul111/CVE-2024-48652 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40494
https://notcve.org/view.php?id=CVE-2024-40494
Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet. • https://gist.github.com/dqp10515/e9d7d663cb89187bfe7b39bb3aeb0113 https://github.com/dqp10515/security/tree/main/FreeCoAP_bug • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-46482
https://notcve.org/view.php?id=CVE-2024-46482
An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file. • https://github.com/Asadiqbal2/Vulnerabilities-Research/tree/main/CVE-2024-46482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •