CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-41304
https://notcve.org/view.php?id=CVE-2024-41304
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file. • https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-SVG-Stored-Cross-Site-Scripting • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-38983
https://notcve.org/view.php?id=CVE-2024-38983
Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91) Prototype Pollution en alykoshin mini-deep-assign v0.0.8 permite a un atacante ejecutar código arbitrario o causar una denegación de servicio (DoS) y causar otros impactos a través del método _assign() en (/lib/index.js:91) • https://gist.github.com/mestrtee/f82d0c3a8fe3a125f06425caef5d22ed • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-38986
https://notcve.org/view.php?id=CVE-2024-38986
Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects. • https://gist.github.com/mestrtee/b20c3aee8bea16e1863933778da6e4cb • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-39012
https://notcve.org/view.php?id=CVE-2024-39012
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/acfbd724a4b73bfb5d030575b653453c •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-38909
https://notcve.org/view.php?id=CVE-2024-38909
Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc. • http://elfinder.com https://github.com/B0D0B0P0T/CVE/blob/main/CVE-2024-38909 • CWE-284: Improper Access Control •