CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6330 – GEO my WordPress < 4.4.0.2 - Unauthenticated RCE via LFI
https://notcve.org/view.php?id=CVE-2024-6330
The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution. • https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7242 – Panda Security Dome Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7242
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7234 – AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7234
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7237 – AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7237
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-33365
https://notcve.org/view.php?id=CVE-2024-33365
Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. • https://hackmd.io/%40JohnathanHuuTri/rJNbEItJC https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2024-33365/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •