CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-36679
https://notcve.org/view.php?id=CVE-2024-36679
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. • https://security.friendsofpresta.org/modules/2024/06/18/livechatpro.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37821
https://notcve.org/view.php?id=CVE-2024-37821
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. Una vulnerabilidad de carga de archivos arbitrarios en la función Cargar plantilla de Dolibarr ERP CRM hasta v19.0.1 permite a los atacantes ejecutar código arbitrario cargando un archivo .SQL manipulado. • http://dolibarr.com https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-37821.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35767 – WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-35767
Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through 1.4. La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Bogdan Bendziukov Squeeze permite la inyección de código. Este problema afecta a Squeeze: desde n/a hasta 1.4. The Squeeze plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/squeeze/wordpress-squeeze-plugin-1-4-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36575
https://notcve.org/view.php?id=CVE-2024-36575
A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor. Un problema de contaminación de prototipos en getsetprop 1.1.0 permite a un atacante ejecutar código arbitrario a través de global.accessor. • https://gist.github.com/mestrtee/0d830798f20839d634278d7af0155f9e • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36573
https://notcve.org/view.php?id=CVE-2024-36573
almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269) component. almela obx anterior a v.0.0.4 tiene un problema de contaminación de prototipos que permite la ejecución de código arbitrario a través de obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269) componente. • https://gist.github.com/mestrtee/fd8181bbc180d775f8367a2b9e0ffcd1 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •