CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12552 – Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-12552
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://cdn.wacom.com/u/productsupport/drivers/win/professional/releasenotes/Windows_6.4.8-2.html https://www.zerodayinitiative.com/advisories/ZDI-24-1683 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9290 – Super Backup & Clone - Migrate for WordPress <= 2.3.3 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9290
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/super-backup-clone-migrate-for-wordpress/12943030 https://www.wordfence.com/threat-intel/vulnerabilities/id/7c31d9b3-38b1-49a1-b361-ffe97e02bff0?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-54489
https://notcve.org/view.php?id=CVE-2024-54489
Running a mount command may unexpectedly execute arbitrary code. • https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54529
https://notcve.org/view.php?id=CVE-2024-54529
An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55652 – PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters
https://notcve.org/view.php?id=CVE-2024-55652
Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the contents of the template document is able to execute arbitrary code on the system. • https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260 https://github.com/pwndoc/pwndoc/commit/1d4219c596f4f518798492e48386a20c6e9a2fe6 https://github.com/pwndoc/pwndoc/security/advisories/GHSA-jw5r-6927-hwpc • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •