CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-28740
https://notcve.org/view.php?id=CVE-2024-28740
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. • https://febin0x4e4a.wordpress.com/2023/01/11/xss-vulnerability-in-koha-integrated-library-system https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-28739
https://notcve.org/view.php?id=CVE-2024-28739
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. • https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7565 – SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7565
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. ... An attacker can leverage this vulnerability to execute code in the context of the current user. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39225
https://notcve.org/view.php?id=CVE-2024-39225
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. • http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41226
https://notcve.org/view.php?id=CVE-2024-41226
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. • https://medium.com/%40aksalsalimi/cve-2024-41226-response-manipulation-led-to-csv-injection-9ae3182dcc02 https://www.automationanywhere.com/products/automation-360 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •