CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-12476
https://notcve.org/view.php?id=CVE-2024-12476
17 Jan 2025 — CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool. CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote co... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-04.pdf • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-11139
https://notcve.org/view.php?id=CVE-2024-11139
17 Jan 2025 — CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code when opening a malicious project file. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code when opening a malicious project file... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-09&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-09.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13333 – Advanced File Manager 5.2.12 - 5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-13333
16 Jan 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above and upload permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/file-manager-advanced/trunk/application/class_fma_connector.php?rev=3200092#L78 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23562 – WordPress XLSXviewer plugin <= 2.1.1 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-23562
16 Jan 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/xlsx-viewer/vulnerability/wordpress-xlsxviewer-plugin-2-1-1-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23918 – WordPress Smallerik File Browser plugin <= 1.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-23918
16 Jan 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/smallerik-file-browser/vulnerability/wordpress-smallerik-file-browser-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23921 – WordPress Multi Uploader for Gravity Forms plugin <= 1.1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-23921
16 Jan 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/gf-multi-uploader/vulnerability/wordpress-multi-uploader-for-gravity-forms-plugin-1-1-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23942 – WordPress WP Load Gallery Plugin <= 2.1.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-23942
16 Jan 2025 — This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wp-load-gallery/vulnerability/wordpress-wp-load-gallery-plugin-2-1-6-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23953 – WordPress user files plugin <= 2.4.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-23953
16 Jan 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/user-files/vulnerability/wordpress-user-files-plugin-2-4-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54660
https://notcve.org/view.php?id=CVE-2024-54660
16 Jan 2025 — This could lead to remote code execution. ... Using untrusted parameters in the krbJAASFile and/or remote host can trigger JNDI injection in the JDBC URL through the krbJAASFile. • https://www.blackhat.com/eu-24/briefings/schedule/index.html#a-novel-attack-surface-java-authentication-and-authorization-service-jaas-42179 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-40513
https://notcve.org/view.php?id=CVE-2024-40513
16 Jan 2025 — An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function. • https://github.com/php-lover-boy/ChatVia • CWE-434: Unrestricted Upload of File with Dangerous Type •