CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50442 – WordPress Royal Elementor Addons and Templates plugin <= 1.3.980 - XML External Entity (XXE) vulnerability
https://notcve.org/view.php?id=CVE-2024-50442
24 Oct 2024 — This makes it possible for authenticated attackers, with author-level access and above, to inject external entities and perform other attacks like SSRF and remote code execution in the proper configuration. • https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-and-templates-plugin-1-3-980-xml-external-entity-xxe-vulnerability?_s_id=cve • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50453 – WordPress The Pack Elementor addons plugin <= 2.0.9 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-50453
24 Oct 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve • CWE-23: Relative Path Traversal CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50457 – WordPress Qode Essential Addons plugin <= 1.6.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-50457
24 Oct 2024 — : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain... • https://patchstack.com/database/vulnerability/qode-essential-addons/wordpress-qode-essential-addons-plugin-1-6-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41617
https://notcve.org/view.php?id=CVE-2024-41617
24 Oct 2024 — This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution. • https://github.com/moneymanagerex/web-money-manager-ex/commit/f2850b295ee21bc299799343a3bc4d004d05651d • CWE-863: Incorrect Authorization •
CVSS: 6.0EPSS: 0%CPEs: 284EXPL: 0CVE-2024-20485
https://notcve.org/view.php?id=CVE-2024-20485
23 Oct 2024 — A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. ... A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-lce-vU3ekMJ3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 91EXPL: 0CVE-2024-20415
https://notcve.org/view.php?id=CVE-2024-20415
23 Oct 2024 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. ... A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 91EXPL: 0CVE-2024-20410
https://notcve.org/view.php?id=CVE-2024-20410
23 Oct 2024 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. ... A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 92EXPL: 0CVE-2024-20409
https://notcve.org/view.php?id=CVE-2024-20409
23 Oct 2024 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. ... A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 92EXPL: 0CVE-2024-20403
https://notcve.org/view.php?id=CVE-2024-20403
23 Oct 2024 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. ... A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 91EXPL: 0CVE-2024-20386
https://notcve.org/view.php?id=CVE-2024-20386
23 Oct 2024 — A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. ... A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •