CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11740 – Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-11740
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/Hooks.php#L42 https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.02/src/Package/views/shortcode-iframe.php#L203 https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7be578-5883-4cd3-963d-bf81c3af2003?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-49576
https://notcve.org/view.php?id=CVE-2024-49576
A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2093 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2093 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-47810
https://notcve.org/view.php?id=CVE-2024-47810
A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2094 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2094 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2024-12372 – Rockwell Automation PowerMonitorâ„¢ 1000 Denial of Service
https://notcve.org/view.php?id=CVE-2024-12372
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2024-12371 – Rockwell Automation PowerMonitorâ„¢ 1000 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-12371
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-306: Missing Authentication for Critical Function •