
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 5

10 Dec 2024 — The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed. ... This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code ex... • https://packetstorm.news/files/id/183164 • CWE-862: Missing Authorization •

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

09 Dec 2024 — This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. • https://www.drupal.org/sa-core-2024-008 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

09 Dec 2024 — This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. • https://www.drupal.org/sa-core-2024-007 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

09 Dec 2024 — This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. • https://www.drupal.org/sa-core-2024-006 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Dec 2024 — Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via woot_get_smth AJAX action in all versions up to, and including, 1.0.6.5. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/profit-products-tables-for-woocommerce/trunk/index.php#L1666 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

09 Dec 2024 — When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. • https://access.redhat.com/security/cve/CVE-2024-12369 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Dec 2024 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0026 • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Dec 2024 — A maliciously crafted DLL file, when placed in the same directory as an RVT file, could be loaded by Autodesk Revit and execute arbitrary code in the context of the current process due to an untrusted search path being utilized. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0025 • CWE-426: Untrusted Search Path •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Dec 2024 — A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2023-0025 • CWE-787: Out-of-bounds Write •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Dec 2024 — A vulnerability was found in code-projects Admin Dashboard 1.0. ... This vulnerability affects unknown code of the file /vendor_management.php. ... A vulnerability was identified in code-projects Admin Dashboard 1.0. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •