CVE-2024-6783 – Vue client-side XSS via prototype pollution
https://notcve.org/view.php?id=CVE-2024-6783
The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code. • https://www.herodevs.com/vulnerability-directory/cve-2024-6783---vue-client-side-xss https://www.herodevs.com/vulnerability-directory/cve-2024-6783 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-6756 – Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6756
The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169 https://www.wordfence.com/threat-intel/vulnerabilities/id/24e00c0d-08ff-4c68-a1dd-77b513545efd?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-6806 – Missing Authorization Checks In NI VeriStand Gateway For Project Resources
https://notcve.org/view.php?id=CVE-2024-6806
These missing checks may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html • CWE-862: Missing Authorization •
CVE-2024-6805 – Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources
https://notcve.org/view.php?id=CVE-2024-6805
These missing checks may result in information disclosure or remote code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html • CWE-862: Missing Authorization •
CVE-2024-6794 – Deserialization of Untrusted Data in NI VeriStand Waveform Streaming Server
https://notcve.org/view.php?id=CVE-2024-6794
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html • CWE-502: Deserialization of Untrusted Data •