CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-38989
https://notcve.org/view.php?id=CVE-2024-38989
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/5e9830fb180a34d65f04fafb52d2b94b https://github.com/izatop/bunt/commit/c55201a8cee03e5282f99874dead988c80d31db7 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43221 – WordPress JetGridBuilder plugin <= 1.1.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43221
This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/jetgridbuilder/wordpress-jetgridbuilder-plugin-1-1-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-41577
https://notcve.org/view.php?id=CVE-2024-41577
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. • https://github.com/SENVIEL/learun-upload_file/issues/1 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43232 – WordPress Timeline and History slider plugin <= 2.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43232
This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/timeline-and-history-slider/wordpress-timeline-and-history-slider-plugin-2-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-40478
https://notcve.org/view.php?id=CVE-2024-40478
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Stored%20XSS.pdf https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download •