
CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

A relative path traversal in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests. • https://fortiguard.com/psirt/FG-IR-23-144 • CWE-23: Relative Path Traversal, CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code. • https://gist.github.com/ImHades101/338a06816ef97262ba632af9c78b78ca, https://github.com/UniSharp/laravel-filemanager/commit/8170760c0ae316d77b9363cd4c76ab68d3f63f0b, https://security.snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-7210316 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: - • EPSS: 0% • CPEs: - • EXPL: 0

An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter. • https://github.com/CV1523/CVEs/blob/main/CVE-2024-55506.md

CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. When used in conjunction with the plugin's import and code action feature, this vulnerability can be leveraged to execute arbitrary code. • https://plugins.trac.wordpress.org/changeset/3209794/automatorwp, https://www.wordfence.com/threat-intel/vulnerabilities/id/c8abcc7b-6c68-4fc8-81af-e88624e417dd?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027 • CWE-787: Out-of-bounds Write