CVE-2024-9985 – Ragic Enterprise Cloud Database - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9985
Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. • https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html https://www.twcert.org.tw/tw/cp-132-8152-09e81-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-21535
https://notcve.org/view.php?id=CVE-2024-21535
An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown. • https://github.com/quantizor/markdown-to-jsx/commit/8eb74da825c0d8d2e9508d73c672bcae36ba555a https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-6519 – QEMU SCSI Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6519
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. •
CVE-2023-31493
https://notcve.org/view.php?id=CVE-2023-31493
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system. • http://zoneminder.com https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-48781
https://notcve.org/view.php?id=CVE-2024-48781
An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat. • https://gist.github.com/zty-1995/a7948be24b3411759a6afa3cc616dc12 • CWE-434: Unrestricted Upload of File with Dangerous Type •