CVE-2024-55085
https://notcve.org/view.php?id=CVE-2024-55085
GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function of the background management system, which an attacker can use to achieve RCE.
• https://getsimple-ce.ovh https://tasteful-stamp-da4.notion.site/CVE-2024-55085-15b1e0f227cb80a5aee6faeb820bf7e6
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-55890 – D-Tale allows Remote Code Execution through the Custom Filter Input
https://notcve.org/view.php?id=CVE-2024-55890
Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server.
• https://github.com/man-group/dtale#custom-filter https://github.com/man-group/dtale/commit/1e26ed3ca12fe83812b90f12a2b3e5fb0b740f7a https://github.com/man-group/dtale/security/advisories/GHSA-832w-fhmw-w4f4
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-55661 – Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
https://notcve.org/view.php?id=CVE-2024-55661
A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public `remember()` method in the `Laravel\Pulse\Livewire\Concerns\RemembersQueries` trait. ... An authenticated user with access to the Laravel Pulse dashboard can execute arbitrary code by calling any function or static method in which the callable is a function or static method and the callable has no parameters or no strict parameter types.
• https://github.com/laravel/pulse/commit/d1a5bf2eca36c6e3bedb4ceecd45df7d002a1ebc https://github.com/laravel/pulse/security/advisories/GHSA-8vwh-pr89-4mw2
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-9698 – Crafthemes Demo Import <= 3.3 - Authenticated (Admin+) Arbitrary File Upload in process_uploaded_files
https://notcve.org/view.php?id=CVE-2024-9698
This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files to the affected site's server, which may make remote code execution possible.
• https://plugins.trac.wordpress.org/browser/crafthemes-demo-import/trunk/inc/Helpers.php#L421 https://www.wordfence.com/threat-intel/vulnerabilities/id/e44dd0e8-e6e7-4a2d-b9ca-abd1de273092?source=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-55879 – XWiki allows RCE from script right in configurable sections
https://notcve.org/view.php?id=CVE-2024-55879
Starting in version 2.3 and prior to versions 15.10.9 and 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page.
• https://github.com/xwiki/xwiki-platform/commit/8493435ff9606905a2d913607d6c79862d0c168d https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r279-47wg-chpr https://jira.xwiki.org/browse/XWIKI-21207
• CWE-862: Missing Authorization