CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39386 – ZDI-CAN-24057: Adobe Bridge AVI FIle Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39386
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/bridge/apsb24-59.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6823 – Media Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action
https://notcve.org/view.php?id=CVE-2024-6823
This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-settings.php#L32 https://plugins.trac.wordpress.org/changeset/3133909 https://wordpress.org/plugins/media-library-assistant/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/9a446fe7-c97a-436e-b494-b924e6518297?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42489 – Pro Macros Remote Code Execution via Viewpdf and similar macros
https://notcve.org/view.php?id=CVE-2024-42489
Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. • https://github.com/xwikisas/xwiki-pro-macros/blob/main/xwiki-pro-macros-ui/src/main/resources/Confluence/Macros/Viewpdf.xml#L265-L267 https://github.com/xwikisas/xwiki-pro-macros/commit/199553c84901999481a20614f093af2d57970eba https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-cfq3-q227-7j65 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-6917 – RCE in Veribilim Software's Veribase Order Management
https://notcve.org/view.php?id=CVE-2024-6917
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2. • https://www.usom.gov.tr/bildirim/tr-24-1105 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38530 – Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"
https://notcve.org/view.php?id=CVE-2024-38530
This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. • https://github.com/gunet/openeclass/commit/4449cf8bed40fd8fc4b267a5726fab9f9fe5a191 https://github.com/gunet/openeclass/security/advisories/GHSA-88c3-hp7p-grgg • CWE-434: Unrestricted Upload of File with Dangerous Type •