CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53554
https://notcve.org/view.php?id=CVE-2024-53554
25 Nov 2024 — A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. • https://drive.google.com/file/d/1v2MLZn4Ro9TCpw-KtksUACYFIzsbuTkL/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10781 – Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation
https://notcve.org/view.php?id=CVE-2024-10781
25 Nov 2024 — The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. • https://plugins.trac.wordpress.org/browser/cleantalk-spam-protect/tags/6.44/lib/Cleantalk/ApbctWP/RemoteCalls.php#L95 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-53914 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53914
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-53915 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53915
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-53910 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53910
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-53911 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53911
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-53913 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53913
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-53909 – Veritas Enterprise Vault MonitoringMiddleTier Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53909
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-53912 – Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53912
24 Nov 2024 — It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.veritas.com/content/support/en_US/security/VTS24-014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11034 – Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form
https://notcve.org/view.php?id=CVE-2024-11034
22 Nov 2024 — The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire_contact_form AJAX action in all versions up to, and including, 1.4. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/get-a-quote-button-for-woocommerce/tags/1.3.9/includes/class-ajax.php#L31 • CWE-94: Improper Control of Generation of Code ('Code Injection') •