CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-33442
https://notcve.org/view.php?id=CVE-2024-33442
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. Un problema en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través del componente add_post.php. • https://github.com/summerwayace/cms/blob/main/1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3957 – Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-3957
The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide. El complemento Booster for WooCommerce es vulnerable a la ejecución de códigos cortos arbitrarios no autenticados en versiones hasta la 7.1.8 incluida. Esto permite a atacantes no autenticados ejecutar códigos cortos arbitrarios. • https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/class-wcj-product-by-user.php#L245 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3076207%40woocommerce-jetpack%2Ftrunk&old=3046146%40woocommerce-jetpack%2Ftrunk&sfp_email=&sfph_mail=#file7 https://www.wordfence.com/threat-intel/vulnerabilities/id/1653de8f-62eb-488b-9e97-8b30221b509f?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25938
https://notcve.org/view.php?id=CVE-2024-25938
A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1958 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25648
https://notcve.org/view.php?id=CVE-2024-25648
A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1959 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25575
https://notcve.org/view.php?id=CVE-2024-25575
A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1963 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •