
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix, which makes it possible for lower-privileged users, such as contributors, to edit this data via the UI. As a result, they can escalate their privileges or execute arbitrary code.

• https://breakdance.com/breakdance-1-7-2-now-available-security-update
• https://www.wordfence.com/threat-intel/vulnerabilities/id/095b23b7-71ab-41eb-b666-73df2e1a7eb4?source=cve
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine.

Impact: Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system.

Affected Products:
• Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11
• Second Chance Client versions 2.0.0-2.0.9
• PIQ Client versions 1.0.0-1.0.15

Remediation: Automated updates will be pushed to address this issue.

• https://support.knowbe4.com/hc/en-us/articles/28959755127955-CVE-2024-29209
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor.

• https://github.com/basecamp/trix/commit/1a5c68a14d48421fc368e30026f4a7918028b7ad
• https://github.com/basecamp/trix/commit/841ff19b53f349915100bca8fcb488214ff93554
• https://github.com/basecamp/trix/pull/1147
• https://github.com/basecamp/trix/pull/1149
• https://github.com/basecamp/trix/releases/tag/v2.1.1
• https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

OpenHarmony v4.0.0 and prior versions allow a local attacker to execute arbitrary code in the TCB through a use after free.

• https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md
• CWE-416: Use After Free

CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

OpenHarmony v4.0.0 and prior versions allow a local attacker to execute arbitrary code in the TCB through a heap buffer overflow.

• https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md
• CWE-122: Heap-based Buffer Overflow