CVE-2024-45142 – Substance3D - Stager | Write-what-where Condition (CWE-123)
https://notcve.org/view.php?id=CVE-2024-45142
09 Oct 2024 — Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html • CWE-123: Write-what-where Condition •
CVE-2024-9680 – Mozilla Firefox Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-9680
09 Oct 2024 — An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. ... A remote code execution vulnerability was found in Firefox and Thunderbird. The Mozilla... • https://github.com/tdonaworth/Firefox-CVE-2024-9680 • CWE-416: Use After Free •
CVE-2024-9575 – Local File Inclusion in pretix-widget WordPress plugin
https://notcve.org/view.php?id=CVE-2024-9575
09 Oct 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://pretix.eu/about/en/blog/20241009-wordpress-plugin-1-0-6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-73: External Control of File Name or Path CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-45746
https://notcve.org/view.php?id=CVE-2024-45746
09 Oct 2024 — This allows an attacker to write anywhere in the secure firmware, which can be used to take over the control flow, leading to remote code execution (RCE). • https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-48034 – WordPress Creates 3D Flipbook, PDF Flipbook plugin <= 1.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-48034
09 Oct 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/create-flipbook-from-pdf/wordpress-creates-3d-flipbook-pdf-flipbook-plugin-1-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-48035 – WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-48035
09 Oct 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/acf-images-search-and-insert/wordpress-acf-images-search-and-insert-plugin-1-1-4-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-48029 – WordPress SB Random Posts Widget plugin <= 1.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-48029
09 Oct 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget allows PHP Local File Inclusion. This issue affects SB Random Posts Widget: from n/a through 1.0. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to b... • https://patchstack.com/database/vulnerability/sb-random-posts-widget/wordpress-sb-random-posts-widget-plugin-1-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
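The include pattern behind this entry and the pretix-widget entry above (CVE-2024-9575), as an added example that is not code from either plugin: a hypothetical widget resolves a contributor-controlled template name into an include path, first with no validation and then through a fixed allowlist plus a realpath prefix check. The directory layout, the function names and the PHP-bearing "avatar.png" upload are all constructed for the demo; it runs stand-alone on PHP 8 with no WordPress install.

```php
<?php
declare(strict_types=1);

// Added example, not code from either plugin. A hypothetical widget lets a
// contributor pick a "template" by name; that name reaches an include.

// Vulnerable shape (CWE-98 / CWE-22): request input is joined onto the
// template directory with no validation. "../uploads/avatar.png" escapes
// the directory, and PHP executes whatever <?php tags the file contains,
// regardless of how "safe" its extension looks.
function resolve_template_vulnerable(string $templateDir, string $requested): string
{
    return $templateDir . '/' . $requested;
}

// Hardened shape: map the request value through a fixed allowlist, then
// confirm the resolved file still sits under the template directory after
// realpath() has collapsed "..", symlinks and duplicate separators.
function resolve_template_safe(string $templateDir, string $requested): ?string
{
    $allowed = ['list' => 'list.php', 'grid' => 'grid.php'];
    if (!array_key_exists($requested, $allowed)) {
        return null;                         // unknown name: refuse, do not guess
    }
    $base = realpath($templateDir);
    $path = realpath($templateDir . DIRECTORY_SEPARATOR . $allowed[$requested]);
    if ($base === false || $path === false) {
        return null;                         // directory or file missing
    }
    // Trailing separator so "/srv/templates-old" cannot pass for "/srv/templates".
    if (!str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Stand-alone demo: a throwaway tree with one legitimate template and one
// "image" upload that is really PHP (constructed attacker file).
$root = sys_get_temp_dir() . '/lfi-demo-' . bin2hex(random_bytes(4));
mkdir("$root/templates", 0700, true);
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/templates/list.php", "<?php echo 'list template';\n");
file_put_contents("$root/uploads/avatar.png", "<?php echo 'PHP hidden in a .png upload';\n");

$attack = '../uploads/avatar.png';

ob_start();
include resolve_template_vulnerable("$root/templates", $attack);   // executes the upload
$captured = ob_get_clean();
echo "vulnerable include ran: $captured\n";

$safe = resolve_template_safe("$root/templates", $attack);
echo 'safe resolver on traversal: ', $safe === null ? 'rejected' : $safe, "\n";
$safe = resolve_template_safe("$root/templates", 'list');
echo 'safe resolver on "list": ', $safe === null ? 'rejected' : $safe, "\n";

// Clean up the demo tree.
unlink("$root/templates/list.php");
unlink("$root/uploads/avatar.png");
rmdir("$root/templates");
rmdir("$root/uploads");
rmdir($root);
```

Run it with `php lfi-demo.php`. The allowlist is the real control; the realpath prefix check is a second layer for the case where a later change lets a filename, rather than a key, reach the resolver. In WordPress specifically the other half of the fix is a capability check on whoever can set the widget or shortcode attribute, since contributor-level access was the trigger in both advisories.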
CVE-2024-48027 – WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-48027
09 Oct 2024 — The External featured image from bing plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/external-featured-image-from-bing/wordpress-external-featured-image-from-bing-plugin-1-0-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-47823 – Livewire Remote Code Execution (RCE) on File Uploads
https://notcve.org/view.php?id=CVE-2024-47823
08 Oct 2024 — If the following criteria are met, the attacker can carry out an RCE attack: 1. ... Webserver is configured to execute “.php” files. • https://github.com/livewire/livewire/commit/70503b79f5db75a1eac9bf55826038a6ee5a16d5 • CWE-20: Improper Input Validation •
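What the listed precondition (a webserver that executes ".php" files) means for an upload handler, as an added example that is not Livewire's code nor that of the arbitrary-upload WordPress plugins above (CVE-2024-48034, CVE-2024-48035, CVE-2024-48027): vet the last extension against an allowlist, sniff the content with the `fileinfo` extension so a PHP script named `x.php.png` is caught, refuse server control files such as `.htaccess`, and store under a random server-chosen name. The sample files and names are constructed; in a real request handler `move_uploaded_file()` replaces the `rename()` used here, and the upload directory should additionally be one where the webserver never executes PHP.

```php
<?php
declare(strict_types=1);

// Added example, not code from Livewire or any of the plugins above.
// Requires the fileinfo extension (enabled by default in most PHP builds).

const ALLOWED_TYPES = [            // extension => MIME type libmagic must report
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

// Returns the extension to store under, or null to reject the upload.
function vet_upload(string $originalName, string $tmpPath): ?string
{
    $name = basename($originalName);                  // drop any path component
    if ($name === '' || $name[0] === '.') {           // ".htaccess", ".user.ini"
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {     // "shell.php", "x.phtml", "x.phar"
        return null;
    }
    // Content sniffing: a "PNG" whose bytes start with "<?php" is reported
    // as text/x-php, not image/png, so the extension alone is never trusted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmpPath) !== ALLOWED_TYPES[$ext]) {
        return null;
    }
    return $ext;
}

// The client never controls the stored filename.
function store_upload(string $uploadDir, string $tmpPath, string $ext): string
{
    $dest = $uploadDir . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!rename($tmpPath, $dest)) {                   // move_uploaded_file() for $_FILES
        throw new RuntimeException('store failed');
    }
    return $dest;
}

// Constructed stand-ins for $_FILES[...]['name'] / ['tmp_name'].
$ihdr = 'IHDR' . pack('NNCCCCC', 1, 1, 8, 2, 0, 0, 0);
$validPng = "\x89PNG\r\n\x1a\n" . pack('N', 13) . $ihdr . pack('N', crc32($ihdr));
$cases = [
    'webshell.php'     => "<?php system(\$_GET['c']);\n",
    'webshell.php.png' => "<?php system(\$_GET['c']);\n",       // PHP behind a .png name
    '.htaccess'        => "AddType application/x-httpd-php .png\n",
    'photo.png'        => $validPng,                              // real PNG signature + IHDR
];

$dir = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700, true);
foreach ($cases as $name => $content) {
    $tmp = tempnam($dir, 'up');
    file_put_contents($tmp, $content);
    $ext = vet_upload($name, $tmp);
    printf("%-18s %s\n", $name, $ext === null ? 'REJECTED' : "accepted as .$ext");
    if ($ext === null) {
        unlink($tmp);
        continue;
    }
    $stored = store_upload($dir, $tmp, $ext);
    printf("%-18s stored at %s\n", '', $stored);
    unlink($stored);
}
rmdir($dir);
```

Run it with `php upload-demo.php`. Only `photo.png` should be accepted. The extension allowlist is checked on the last extension only, because that is what a default Apache or nginx handler keys on; the `.htaccess` rejection matters because an attacker who can drop one can re-map "safe" extensions to the PHP handler and turn the accepted PNG name into the execution vector the advisories describe.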
CVE-2024-43488 – Visual Studio Code extension for Arduino Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43488
08 Oct 2024 — Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43488 • CWE-306: Missing Authentication for Critical Function •