CVE-2024-26519
https://notcve.org/view.php?id=CVE-2024-26519
An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component. • https://cybercx.com.au/blog/zero-day-rce-in-netcomm-ntc-221-industrial-iot-m2m-lte-4g-router • CWE-306: Missing Authentication for Critical Function
CVE-2024-48656
https://notcve.org/view.php?id=CVE-2024-48656
Cross-site scripting vulnerability in student management system in PHP with source code v.1.0.0 allows a remote attacker to execute arbitrary code. • https://github.com/LeiPudd/Student-Management-System-v1.0-has-Cross-site-Scripting-XSS- • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48657
https://notcve.org/view.php?id=CVE-2024-48657
SQL injection vulnerability in hospital management system in PHP with source code v.1.0.0 allows a remote attacker to execute arbitrary code. • https://github.com/LeiPudd/Hospital-Management-System-v1.0-has-SQL-Injection-SQLDET- • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-45518
https://notcve.org/view.php?id=CVE-2024-45518
This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE). • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2024-48605 – Helakuru 1.1 DLL Hijacking
https://notcve.org/view.php?id=CVE-2024-48605
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. Helakuru version 1.1 suffers from a DLL hijacking vulnerability. • https://github.com/surajhacx/HelakuruV.1.1-DLLHijack https://clement.notin.org/blog/2020/09/12/CVE-2020-7315-McAfee-Agent-DLL-injection https://medium.com/%40xNEED/dll-hijacking-jagexlauncher-819599165822 https://www.exploit-db.com/exploits/51461 • CWE-427: Uncontrolled Search Path Element