CVE-2024-35767 – WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-35767
Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection. This issue affects Squeeze: from n/a through 1.4. The Squeeze plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
• https://patchstack.com/database/vulnerability/squeeze/wordpress-squeeze-plugin-1-4-arbitrary-file-upload-vulnerability?_s_id=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-36575
https://notcve.org/view.php?id=CVE-2024-36575
A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor.
• https://gist.github.com/mestrtee/0d830798f20839d634278d7af0155f9e
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-36573
https://notcve.org/view.php?id=CVE-2024-36573
almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269) component.
• https://gist.github.com/mestrtee/fd8181bbc180d775f8367a2b9e0ffcd1
• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-36581
https://notcve.org/view.php?id=CVE-2024-36581
A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm.
• https://gist.github.com/mestrtee/f6b2ed1b3b4bc0df994c7455fc6110bd
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-38395
https://notcve.org/view.php?id=CVE-2024-38395
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."
• https://github.com/vin01/poc-cve-2024-38396
• http://www.openwall.com/lists/oss-security/2024/06/17/1
• https://gitlab.com/gnachman/iterm2/-/commit/f1e89f78dd72dcac3ba66d3d6f93db3f7f649219
• https://gitlab.com/gnachman/iterm2/-/tags/v3.5.2
• https://iterm2.com/downloads.html
• https://www.openwall.com/lists/oss-security/2024/06/15/1
• CWE-94: Improper Control of Generation of Code ('Code Injection')