CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-9985 – Ragic Enterprise Cloud Database - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9985
Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. • https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html https://www.twcert.org.tw/tw/cp-132-8152-09e81-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-21535
https://notcve.org/view.php?id=CVE-2024-21535
An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown. • https://github.com/quantizor/markdown-to-jsx/commit/8eb74da825c0d8d2e9508d73c672bcae36ba555a https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48779
https://notcve.org/view.php?id=CVE-2024-48779
An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory. • https://gist.github.com/zty-1995/3fcdf702017ad6721e5011f74c1f6cee •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8746 – File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload
https://notcve.org/view.php?id=CVE-2024-8746
This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/88f1eb9a-f3bb-4b62-975f-a6cb95850966?source=cve https://filemanagerpro.io • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-6519 – Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-6519
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the virtual LSI53C895A SCSI Host Bus Adapter. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://access.redhat.com/security/cve/CVE-2024-6519 https://bugzilla.redhat.com/show_bug.cgi?id=2292089 https://www.zerodayinitiative.com/advisories/ZDI-24-1382 • CWE-416: Use After Free •