CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50420 – WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50420
24 Oct 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/adirectory/wordpress-adirectory-plugin-1-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50427 – WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50427
24 Oct 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/RandomRobbieBF/CVE-2024-50427 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8025 – Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8025
24 Oct 2024 — Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. ... An attacker can leverage this vulnerability to execute code in the cont... • https://downloadcenter.nikonimglib.com/en/download/sw/259.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-48427
https://notcve.org/view.php?id=CVE-2024-48427
24 Oct 2024 — A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/? • https://www.sourcecodester.com/php/15360/packers-and-movers-management-system-phpoop-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48423
https://notcve.org/view.php?id=CVE-2024-48423
24 Oct 2024 — An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library. • https://github.com/assimp/assimp/issues/5788 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48454
https://notcve.org/view.php?id=CVE-2024-48454
24 Oct 2024 — An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin? • https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48514
https://notcve.org/view.php?id=CVE-2024-48514
24 Oct 2024 — php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. ... This affects php-heic-to-jpg 1.0.5 and below. php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. • https://github.com/MaestroError/php-heic-to-jpg • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50434 – WordPress NewsCard theme <= 1.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-50434
24 Oct 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse NewsCard.This issue affects NewsCard: from n/a through 1.3. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and... • https://patchstack.com/database/vulnerability/newscard/wordpress-newscard-theme-1-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50435 – WordPress Meta News theme <= 1.1.7 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-50435
24 Oct 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Meta News.This issue affects Meta News: from n/a through 1.1.7. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images... • https://patchstack.com/database/vulnerability/meta-news/wordpress-meta-news-theme-1-1-7-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50436 – WordPress Clean Retina theme <= 3.0.6 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-50436
24 Oct 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Clean Retina.This issue affects Clean Retina: from n/a through 3.0.6. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where ... • https://patchstack.com/database/vulnerability/clean-retina/wordpress-clean-retina-theme-3-0-6-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •