
CVE-2024-41647
https://notcve.org/view.php?id=CVE-2024-41647
06 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2024-41649
https://notcve.org/view.php?id=CVE-2024-41649
06 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-281: Improper Preservation of Permissions •

CVE-2024-11946 – iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2024-11946
06 Dec 2024 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2024-55268
https://notcve.org/view.php?id=CVE-2024-55268
06 Dec 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/COVID19/Reflected%20Cross%20Site%20reg.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-11944 – iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11944
06 Dec 2024 — iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. ... An attacker can leverage this in conjunction with other vulnerabilities to e... • https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-41646
https://notcve.org/view.php?id=CVE-2024-41646
06 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-281: Improper Preservation of Permissions •

CVE-2024-54262 – WordPress Import Export For WooCommerce plugin <= 1.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-54262
06 Dec 2024 — The Import Export For WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/import-export-for-woocommerce/vulnerability/wordpress-import-export-for-woocommerce-plugin-1-5-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-10909 – Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode
https://notcve.org/view.php?id=CVE-2024-10909
05 Dec 2024 — The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/pojo-forms/tags/1.4.7/classes/class-pojo-forms-ajax.php#L16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-12130 – Rockwell Automation Arena® Out of Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2024-12130
05 Dec 2024 — An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could lev... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-125: Out-of-bounds Read •

CVE-2024-11158 – Rockwell Automation Arena® Uninitialized Vulnerability
https://notcve.org/view.php?id=CVE-2024-11158
05 Dec 2024 — An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it is initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to <... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-665: Improper Initialization •