CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-45711 – SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-45711
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45711 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48758
https://notcve.org/view.php?id=CVE-2024-48758
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code Se descubrió que dingfanzu CMS V1.0 contiene Cross-Site Request Forgery (CSRF) a través del parámetro addPro del componente doAdminAction.php que permite a un atacante remoto ejecutar código arbitrario. • https://github.com/Yllxx03/CVE/blob/main/CVE-2024-48758/CVE-2024-48758.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48744
https://notcve.org/view.php?id=CVE-2024-48744
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter. • https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Teachers%20Record/Reflected%20XSS.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-46213
https://notcve.org/view.php?id=CVE-2024-46213
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. Se descubrió que REDAXO CMS v2.11.0 contenía una vulnerabilidad de ejecución remota de código (RCE). • https://github.com/Purposex7/Vulns4Study/blob/main/REDAXO%20Cronjobs%20%20AddOns%20RCE.md •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9965
https://notcve.org/view.php?id=CVE-2024-9965
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html https://issues.chromium.org/issues/352651673 •