
CVE-2024-6345 – Remote Code Execution in pypa/setuptools
https://notcve.org/view.php?id=CVE-2024-6345
15 Jul 2024 — These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. • https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-37405
https://notcve.org/view.php?id=CVE-2024-37405
12 Jul 2024 — Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHistory. • https://hackerone.com/reports/2580062 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-40546
https://notcve.org/view.php?id=CVE-2024-40546
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAAKYP • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-40522
https://notcve.org/view.php?id=CVE-2024-40522
12 Jul 2024 — There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some passed-in variable names into a PHP file without filtering them. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions. • https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20phomebak.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-38433 – Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
https://notcve.org/view.php?id=CVE-2024-38433
11 Jul 2024 — An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •

CVE-2024-23317
https://notcve.org/view.php?id=CVE-2024-23317
11 Jul 2024 — External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. • https://security.gallagher.com/Security-Advisories/CVE-2024-23317 • CWE-73: External Control of File Name or Path •

CVE-2024-38736 – WordPress Realtyna Organic IDX plugin <= 4.14.13 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-38736
11 Jul 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13. The Realtyna Organic IDX plugin + WPL Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.14.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may m... • https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-4-14-13-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-38734 – WordPress Import Spreadsheets from Microsoft Excel plugin <= 10.1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-38734
11 Jul 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection. This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4. The Import Spreadsheets from Microsoft Excel plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 10.1.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the aff... • https://patchstack.com/database/vulnerability/import-spreadsheets-from-microsoft-excel/wordpress-import-spreadsheets-from-microsoft-excel-plugin-10-1-4-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-32467
https://notcve.org/view.php?id=CVE-2023-32467
10 Jul 2024 — A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. • https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 • CWE-665: Improper Initialization •

CVE-2023-32472
https://notcve.org/view.php?id=CVE-2023-32472
10 Jul 2024 — A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege. • https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •