CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9981 – FormosaSoft ee-class - Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-9981
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8145-15bea-2.html https://www.twcert.org.tw/tw/cp-132-8144-2885b-1.html • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-21535
https://notcve.org/view.php?id=CVE-2024-21535
An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown. • https://github.com/quantizor/markdown-to-jsx/commit/8eb74da825c0d8d2e9508d73c672bcae36ba555a https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48779
https://notcve.org/view.php?id=CVE-2024-48779
An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory. • https://gist.github.com/zty-1995/3fcdf702017ad6721e5011f74c1f6cee •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8746 – File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload
https://notcve.org/view.php?id=CVE-2024-8746
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/88f1eb9a-f3bb-4b62-975f-a6cb95850966?source=cve https://filemanagerpro.io • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-6519 – Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-6519
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the virtual LSI53C895A SCSI Host Bus Adapter. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://access.redhat.com/security/cve/CVE-2024-6519 https://bugzilla.redhat.com/show_bug.cgi?id=2292089 https://www.zerodayinitiative.com/advisories/ZDI-24-1382 • CWE-416: Use After Free •