CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40494
https://notcve.org/view.php?id=CVE-2024-40494
Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet. • https://gist.github.com/dqp10515/e9d7d663cb89187bfe7b39bb3aeb0113 https://github.com/dqp10515/security/tree/main/FreeCoAP_bug • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-46482
https://notcve.org/view.php?id=CVE-2024-46482
An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file. • https://github.com/Asadiqbal2/Vulnerabilities-Research/tree/main/CVE-2024-46482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-26519
https://notcve.org/view.php?id=CVE-2024-26519
An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component. • https://cybercx.com.au/blog/zero-day-rce-in-netcomm-ntc-221-industrial-iot-m2m-lte-4g-router • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48656
https://notcve.org/view.php?id=CVE-2024-48656
Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. • https://github.com/LeiPudd/Student-Management-System-v1.0-has-Cross-site-Scripting-XSS- • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48657
https://notcve.org/view.php?id=CVE-2024-48657
SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. • https://github.com/LeiPudd/Hospital-Management-System-v1.0-has-SQL-Injection-SQLDET- • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •