CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48035 – WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-48035
The ACF Images Search And Insert plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/acf-images-search-and-insert/wordpress-acf-images-search-and-insert-plugin-1-1-4-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45746
https://notcve.org/view.php?id=CVE-2024-45746
This allows an attacker to write anywhere in the secure firmware, which can be used to take over the control flow, leading to remote code execution (RCE). • https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.html https://www.trustedfirmware.org/projects/tf-m • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48034 – WordPress Creates 3D Flipbook, PDF Flipbook plugin <= 1.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-48034
The Creates 3D Flipbook, PDF Flipbook in WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/create-flipbook-from-pdf/wordpress-creates-3d-flipbook-pdf-flipbook-plugin-1-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47823 – Livewire Remote Code Execution (RCE) on File Uploads
https://notcve.org/view.php?id=CVE-2024-47823
If the following criteria are met, the attacker can carry out an RCE attack: 1. ... Webserver is configured to execute “.php” files. ... If the following criteria are met, the attacker can carry out an RCE attack: 1. ... Webserver is configured to execute “.php” files. • https://github.com/livewire/livewire/commit/70503b79f5db75a1eac9bf55826038a6ee5a16d5 https://github.com/livewire/livewire/security/advisories/GHSA-f3cx-396f-7jqp https://github.com/livewire/livewire/pull/8624 https://github.com/livewire/livewire/commit/cd168c6212ea13d13b82b3132485741f82d9fad9 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-43488 – Visual Studio Code extension for Arduino Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43488
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43488 • CWE-306: Missing Authentication for Critical Function •