CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44019 – WordPress Contact Form 7 Campaign Monitor Extension plugin <= 0.4.67 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-44019
24 Sep 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/contact-form-7-campaign-monitor-extension/wordpress-contact-form-7-campaign-monitor-extension-plugin-0-4-67-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44034 – WordPress WPSPX plugin <= 1.0.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44034
24 Sep 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/wpspx/wordpress-wpspx-plugin-1-0-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44015 – WordPress Users Control plugin <= 1.0.16 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44015
24 Sep 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/users-control/wordpress-users-control-plugin-1-0-16-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44012 – WordPress WP Newsletter Subscription plugin <= 1.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44012
24 Sep 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/wp-newsletter-subscription/wordpress-wp-newsletter-subscription-plugin-1-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44016 – WordPress Podiant plugin <= 1.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44016
24 Sep 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/podiant/wordpress-podiant-plugin-1-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44013 – WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44013
24 Sep 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/vr-calendar-sync/wordpress-vr-calendar-plugin-2-4-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45348 – Xiaomi Router AX9000 has a post-authorization command injection vulnerability
https://notcve.org/view.php?id=CVE-2024-45348
23 Sep 2024 — This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=547 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9112 – FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9112
23 Sep 2024 — FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the c... • https://www.zerodayinitiative.com/advisories/ZDI-24-1273 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9113 – FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9113
23 Sep 2024 — FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the c... • https://www.zerodayinitiative.com/advisories/ZDI-24-1274 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40442
https://notcve.org/view.php?id=CVE-2024-40442
23 Sep 2024 — An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request. • https://github.com/doccano/doccano/releases/tag/v1.8.4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •