CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48594
https://notcve.org/view.php?id=CVE-2024-48594
File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component. • https://github.com/Aa1b/mycve/blob/main/Readme.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-48825
https://notcve.org/view.php?id=CVE-2024-48825
Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. • https://github.com/ixout/iotVuls/blob/main/Tenda/ac7_005/report.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-48826
https://notcve.org/view.php?id=CVE-2024-48826
Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. • https://github.com/ixout/iotVuls/blob/main/Tenda/ac7_006/report.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-39205 – Pyload Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-39205
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request. ... CVE-2024-39205 is a remote code execution vulnerability in Pyload versions 0.5.0b3.dev85 and below. ... This endpoint was designed to only accept connections from localhost but by manipulating the HOST header we can bypass this restriction in order to access the API to achieve unauthenticated remote code execution. • https://github.com/Marven11/CVE-2024-39205-Pyload-RCE https://github.com/Marven11/CVE-2024-39205-Pyload-RCE/tree/main https://github.com/pyload/pyload https://github.com/pyload/pyload/security/advisories/GHSA-r9pp-r4xf-597r - •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-48074
https://notcve.org/view.php?id=CVE-2024-48074
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function. • https://github.com/Giles-one/Vigor2960Crack https://gist.github.com/Giles-one/6425e97dcd1ec97a722a1e20da25fad7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •