CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1471 – HTML Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-1471
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks. Existe una vulnerabilidad de inyección de HTML en la que un atacante remoto autenticado con privilegios de administrador en la aplicación Security Center podría modificar los parámetros del repositorio, lo que podría provocar ataques de redirección de HTML. • https://www.tenable.com/security/tns-2024-02 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2024-25301
https://notcve.org/view.php?id=CVE-2024-25301
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. Se descubrió que Redaxo v5.15.1 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del componente /pages/templates.php. • https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-REDAXO/RCE.md https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-2021-39459 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24707 – WordPress Cwicly plugin <= 1.4.0.2 - Auth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-24707
Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. • https://patchstack.com/database/vulnerability/cwicly/wordpress-cwicly-plugin-1-4-0-2-remote-code-execution-rce-vulnerability?_s_id=cve https://snicco.io/vulnerability-disclosure/cwicly/remote-code-execution-cwicly-1-4-0-2?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25918 – WordPress InstaWP Connect plugin <= 0.1.0.8 - Auth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-25918
Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en InstaWP Team InstaWP Connect permite la inyección de código. Este problema afecta a InstaWP Connect: desde n/a hasta 0.1.0.8. The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.1.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-8-remote-code-execution-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-20587
https://notcve.org/view.php?id=CVE-2023-20587
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009 •