CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-7253 – NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7253
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within nxnode.exe. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.3EPSS: %CPEs: -EXPL: 0CVE-2024-23929 – Pioneer DMH-WT7600NEX Telematics Directory Traversal Arbitrary File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2024-23929
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40645 – FOG Authenticated File Upload RCE
https://notcve.org/view.php?id=CVE-2024-40645
An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. • https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/lib/pages/fogconfigurationpage.class.php#L2860-L2896 https://github.com/FOGProject/fogproject/commit/9469606a18bf8887740cceed6593a2e0380b5e0c https://github.com/FOGProject/fogproject/security/advisories/GHSA-59mq-q8g5-2f4f • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6973 – Remote Code Execution in Cato Windows SDP client via crafted URLs
https://notcve.org/view.php?id=CVE-2024-6973
Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34. • https://support.catonetworks.com/hc/en-us/articles/19756987454237-CVE-2024-6973-Windows-SDP-Client-Remote-Code-Execution-via-crafted-URLs • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41950 – Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
https://notcve.org/view.php?id=CVE-2024-41950
Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. • https://github.com/deepset-ai/haystack/security/advisories/GHSA-hx9v-6r9f-w677 https://github.com/deepset-ai/haystack/pull/8095 https://github.com/deepset-ai/haystack/pull/8096 https://github.com/deepset-ai/haystack/commit/3fed1366c448b02189851bf08166c1f6477a02b0 https://github.com/deepset-ai/haystack/commit/6c25a5c73e83aa32c3241ba84a5cbb3ac0e8a89e https://github.com/deepset-ai/haystack/releases/tag/v2.3.1 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •