CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50453 – WordPress The Pack Elementor addons plugin <= 2.0.9 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-50453
24 Oct 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve • CWE-23: Relative Path Traversal CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50457 – WordPress Qode Essential Addons plugin <= 1.6.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-50457
24 Oct 2024 — : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain... • https://patchstack.com/database/vulnerability/qode-essential-addons/wordpress-qode-essential-addons-plugin-1-6-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41617
https://notcve.org/view.php?id=CVE-2024-41617
24 Oct 2024 — The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution. • https://github.com/moneymanagerex/web-money-manager-ex/commit/f2850b295ee21bc299799343a3bc4d004d05651d • CWE-863: Incorrect Authorization •
CVSS: 6.0EPSS: 0%CPEs: 284EXPL: 0CVE-2024-20485
https://notcve.org/view.php?id=CVE-2024-20485
23 Oct 2024 — A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. ... A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-lce-vU3ekMJ3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 27EXPL: 0CVE-2024-20329 – Cisco Adaptive Security Appliance Software Remote Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-20329
23 Oct 2024 — A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. ... An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF •
CVSS: 10.0EPSS: 87%CPEs: 6EXPL: 12CVE-2024-47575 – Fortinet FortiManager Missing Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2024-47575
23 Oct 2024 — A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted req... • https://github.com/hazesecurity/CVE-2024-47575 • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47901
https://notcve.org/view.php?id=CVE-2024-47901
23 Oct 2024 — The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-333468.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50050
https://notcve.org/view.php?id=CVE-2024-50050
23 Oct 2024 — Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. • https://www.facebook.com/security/advisories/cve-2024-50050 •
CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48919 – RCE via Prompt Injection Into Cursor's Terminal Cmd-K
https://notcve.org/view.php?id=CVE-2024-48919
22 Oct 2024 — Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web page could have a significant chance of influencing a language model to output arbitrary commands for execution in the user's terminal. • https://github.com/getcursor/cursor/security/advisories/GHSA-rmj9-23rg-gr67 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-48927 – Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
https://notcve.org/view.php?id=CVE-2024-48927
22 Oct 2024 — Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode. • https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-5955-cwv4-h7qh • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •