CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8746 – File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload
https://notcve.org/view.php?id=CVE-2024-8746
15 Oct 2024 — This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/88f1eb9a-f3bb-4b62-975f-a6cb95850966?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-6519 – Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-6519
15 Oct 2024 — An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the virtual LSI53C895A SCSI Host Bus Adapter. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://access.redhat.com/security/cve/CVE-2024-6519 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45733 – Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows
https://notcve.org/view.php?id=CVE-2024-45733
14 Oct 2024 — In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration. • https://advisory.splunk.com/advisories/SVD-2024-1003 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45731 – Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk
https://notcve.org/view.php?id=CVE-2024-45731
14 Oct 2024 — In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. • https://advisory.splunk.com/advisories/SVD-2024-1001 • CWE-23: Relative Path Traversal •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50780 – Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
https://notcve.org/view.php?id=CVE-2023-50780
14 Oct 2024 — This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue. • https://github.com/mbadanoiu/CVE-2023-50780 • CWE-285: Improper Authorization •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7847 – RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script
https://notcve.org/view.php?id=CVE-2024-7847
14 Oct 2024 — This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9936 – Ubuntu Security Notice USN-7078-1
https://notcve.org/view.php?id=CVE-2024-9936
14 Oct 2024 — An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1920381 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-9139 – OS Command Injection in Restricted Command
https://notcve.org/view.php?id=CVE-2024-9139
14 Oct 2024 — The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48168
https://notcve.org/view.php?id=CVE-2024-48168
14 Oct 2024 — A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. • https://github.com/fu37kola/cve/blob/main/D-Link/DCS-960L/D-Link%20DCS-960L%201.09%20Stack%20overflow_1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49260 – WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49260
14 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/limb-gallery/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •