CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7847 – RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script
https://notcve.org/view.php?id=CVE-2024-7847
This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-9139 – OS Command Injection in Restricted Command
https://notcve.org/view.php?id=CVE-2024-9139
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49257 – WordPress Azz Anonim Posting plugin <= 0.9 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49257
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/azz-anonim-posting/wordpress-azz-anonim-posting-plugin-0-9-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48168
https://notcve.org/view.php?id=CVE-2024-48168
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. • https://github.com/fu37kola/cve/blob/main/D-Link/DCS-960L/D-Link%20DCS-960L%201.09%20Stack%20overflow_1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49254 – WordPress ajax-extend plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-49254
Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code Injection.This issue affects ajax-extend: from n/a through 1.0. ... The ajax-extend plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the ajax_operation function. ... This makes it possible for unauthenticated attackers to execute code on the server. • https://patchstack.com/database/vulnerability/ajax-extend/wordpress-ajax-extend-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •