CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43595 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43595
17 Oct 2024 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43595 • CWE-126: Buffer Over-read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43566 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43566
17 Oct 2024 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43566 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.3EPSS: 0%CPEs: 10EXPL: 0CVE-2024-6333 – Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products
https://notcve.org/view.php?id=CVE-2024-6333
17 Oct 2024 — Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products. Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability. • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48903 – Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-48903
17 Oct 2024 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti-Malware Solution Platform. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the conte... • https://success.trendmicro.com/en-US/solution/KA-0017997 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27766
https://notcve.org/view.php?id=CVE-2024-27766
17 Oct 2024 — An issue in MYSQL MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. • https://github.com/Ant1sec-ops/CVE-2024-27766 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-30875
https://notcve.org/view.php?id=CVE-2024-30875
17 Oct 2024 — Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. • https://github.com/Ant1sec-ops/CVE-2024-30875 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-28988
https://notcve.org/view.php?id=CVE-2024-28988
17 Oct 2024 — SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26785
https://notcve.org/view.php?id=CVE-2023-26785
17 Oct 2024 — MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability. MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. • https://github.com/Ant1sec-ops/CVE-2023-26785 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-49607 – WordPress WP Dropbox Dropins plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49607
17 Oct 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/RandomRobbieBF/CVE-2024-49607 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49610 – WordPress photokit plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49610
17 Oct 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/photokit/wordpress-photokit-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •