CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7847 – RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script
https://notcve.org/view.php?id=CVE-2024-7847
This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-9139 – OS Command Injection in Restricted Command
https://notcve.org/view.php?id=CVE-2024-9139
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49257 – WordPress Azz Anonim Posting plugin <= 0.9 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49257
The Azz Anonim Posting plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the AzzapUploadHandler class in all versions up to, and including, 0.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/azz-anonim-posting/wordpress-azz-anonim-posting-plugin-0-9-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48168
https://notcve.org/view.php?id=CVE-2024-48168
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. • https://github.com/fu37kola/cve/blob/main/D-Link/DCS-960L/D-Link%20DCS-960L%201.09%20Stack%20overflow_1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49254 – WordPress ajax-extend plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-49254
Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code Injection.This issue affects ajax-extend: from n/a through 1.0. ... The ajax-extend plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the ajax_operation function. ... This makes it possible for unauthenticated attackers to execute code on the server. • https://patchstack.com/database/vulnerability/ajax-extend/wordpress-ajax-extend-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •