CVE-2024-48423
https://notcve.org/view.php?id=CVE-2024-48423
An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library. • https://github.com/assimp/assimp/issues/5788 • CWE-416: Use After Free
CVE-2024-50420 – WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50420
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://patchstack.com/database/vulnerability/adirectory/wordpress-adirectory-plugin-1-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-50427 – WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50427
This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://github.com/RandomRobbieBF/CVE-2024-50427 • https://patchstack.com/database/vulnerability/surveyjs/wordpress-surveyjs-plugin-1-9-136-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-48454
https://notcve.org/view.php?id=CVE-2024-48454
An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin? • https://github.com/N0zoM1z0/CVEs/blob/main/CVE-2024-48454.md • https://www.sourcecodester.com • https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-48514
https://notcve.org/view.php?id=CVE-2024-48514
php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. • https://github.com/MaestroError/php-heic-to-jpg • https://github.com/marcoris/CVEs/tree/master/CVE-2024-48514 • CWE-94: Improper Control of Generation of Code ('Code Injection')