CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-52044
https://notcve.org/view.php?id=CVE-2023-52044
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension. • https://github.com/Studio-42/elFinder/issues/3615 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42835
https://notcve.org/view.php?id=CVE-2024-42835
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. • https://github.com/langflow-ai/langflow/issues/2908 •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48200
https://notcve.org/view.php?id=CVE-2024-48200
An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe) • https://gist.github.com/ahmedsherif/ad56cd3a9ef86cdc05175fb591804c64 https://mobaxterm.mobatek.net/download-home-edition.html •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39332
https://notcve.org/view.php?id=CVE-2024-39332
Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server. • https://herolab.usd.de/security-advisories/usd-2024-0008 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51582 – WordPress WP Hotel Booking plugin <= 2.1.4 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-51582
This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/wp-hotel-booking/wordpress-wp-hotel-booking-plugin-2-1-4-local-file-inclusion-vulnerability?_s_id=cve • .//' CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •