
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Aug 2024 — The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://filemanagerpro.io/file-manager-pro • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Aug 2024 — JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. • https://cwe.mitre.org/data/definitions/69.html • CWE-69: Improper Handling of Windows ::DATA Alternate Data Stream

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Aug 2024 — SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. • https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

22 Aug 2024 — An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}. • https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Aug 2024 — (Chromium security severity: Low) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Aug 2024 — (Chromium security severity: Low) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Aug 2024 — (Chromium security severity: Low) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Aug 2024 — (Chromium security severity: Low) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Aug 2024 — (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Aug 2024 — (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html • CWE-345: Insufficient Verification of Data Authenticity