CVE-2024-47557 – Pre-Auth RCE via Path Traversal
https://notcve.org/view.php?id=CVE-2024-47557
07 Oct 2024 — Pre-Auth RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-47556 – Pre-Auth RCE via Path Traversal
https://notcve.org/view.php?id=CVE-2024-47556
07 Oct 2024 — Pre-Auth RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-6362
https://notcve.org/view.php?id=CVE-2023-6362
07 Oct 2024 — This could allow attackers to execute arbitrary code via a long filename argument. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winhex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-6361
https://notcve.org/view.php?id=CVE-2023-6361
07 Oct 2024 — This could allow attackers to execute arbitrary code via a long filename argument. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winhex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-20103
https://notcve.org/view.php?id=CVE-2024-20103
07 Oct 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-787: Out-of-bounds Write •
CVE-2024-20101
https://notcve.org/view.php?id=CVE-2024-20101
07 Oct 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-787: Out-of-bounds Write •
CVE-2024-20100
https://notcve.org/view.php?id=CVE-2024-20100
07 Oct 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-787: Out-of-bounds Write •
CVE-2024-28709
https://notcve.org/view.php?id=CVE-2024-28709
07 Oct 2024 — Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. • http://limesurvey.com •
CVE-2024-28710
https://notcve.org/view.php?id=CVE-2024-28710
07 Oct 2024 — Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component. • http://limesurvey.com •
CVE-2024-9529 – Secure Custom Fields < 6.3.6.3 - Admin+ Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9529
07 Oct 2024 — The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, and Advanced Custom Fields Pro WordPress plugin before 6.3.9 do not prevent users from running arbitrary functions through their setting import functionalities, which could allow high-privilege users such as admin to run arbitrary PHP functions. The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to limited arbitrary function calls via the 'register_meta_box_cb' and 'meta_box_cb' paramet... • https://wpscan.com/vulnerability/dd3cc8d8-4dff-47f9-b036-5d09f2c7e5f2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •