CVE-2024-56049 – WordPress WPLMS plugin < 1.9.9.5.2 - Subscriber+ Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-56049
17 Dec 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-subscriber-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVE-2024-56050 – WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-56050
17 Dec 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-3-subscriber-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-56051 – WordPress WPLMS plugin < 1.9.9.5 - Student+ Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-56051
17 Dec 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection. This issue affects WPLMS: from n/a before 1.9.9.5. The WPLMS plugin for WordPress is vulnerable to Remote Code Execution in all versions up to 1.9.9.5 (exclusive). This makes it possible for authenticated attackers, with student-level access and above, to execute code on the server. • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-student-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-56052 – WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-56052
17 Dec 2024 — This makes it possible for authenticated attackers, with student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-student-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-56054 – WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-56054
17 Dec 2024 — This makes it possible for authenticated attackers, with instructor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-instructor-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-56057 – WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-56057
17 Dec 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-6001
https://notcve.org/view.php?id=CVE-2024-6001
16 Dec 2024 — An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges. • https://support.lenovo.co/us/en/product_security/LEN-174319 • CWE-295: Improper Certificate Validation •
CVE-2024-49775
https://notcve.org/view.php?id=CVE-2024-49775
16 Dec 2024 — This could allow an unauthenticated remote attacker to execute arbitrary code. • https://cert-portal.siemens.com/productcert/html/ssa-928984.html • CWE-122: Heap-based Buffer Overflow •
CVE-2024-12641 – Chunghwa Telecom TenderDocTransfer - Reflected Cross-site Scripting to RCE
https://notcve.org/view.php?id=CVE-2024-12641
16 Dec 2024 — Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use specific APIs through phishing to execute arbitrary JavaScript code in the user’s browser. • https://www.twcert.org.tw/en/cp-139-8299-42168-2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-29671
https://notcve.org/view.php?id=CVE-2024-29671
16 Dec 2024 — Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. • https://github.com/laskdjlaskdj12/CVE-2024-29671-POC • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •