CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47649 – WordPress Iconize plugin <= 1.2.4 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-47649
30 Sep 2024 — The Iconize plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/iconize/wordpress-iconize-plugin-1-2-4-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-45200
https://notcve.org/view.php?id=CVE-2024-45200
30 Sep 2024 — In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. ... This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. • https://github.com/latte-soft/kartlanpwn • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47351 – WordPress MaxSlider plugin <= 1.2.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-47351
30 Sep 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/maxslider/wordpress-maxslider-plugin-1-2-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6983 – Remote Code Execution in mudler/localai
https://notcve.org/view.php?id=CVE-2024-6983
27 Sep 2024 — mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. • https://huntr.com/bounties/f91fb287-412e-4c89-87df-9e4b6e609647 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2024-8353 – GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-8353
27 Sep 2024 — The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. • https://www.rcesecurity.com/2024/08/wordpress-givewp-pop-to-rce-cve-2024-5932 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46865 – fou: fix initialization of grc
https://notcve.org/view.php?id=CVE-2024-46865
27 Sep 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46859 – platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
https://notcve.org/view.php?id=CVE-2024-46859
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough. ... For higher SINF indexes hide the sysfs attributes when the SINF array does not contain an entry for that attribute, avoiding show()/store() accessing the array out of bounds and add bounds checking to... • https://git.kernel.org/stable/c/e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46858 – mptcp: pm: Fix uaf in __timer_delete_sync
https://notcve.org/view.php?id=CVE-2024-46858
27 Sep 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/00cfd77b9063dcdf3628a7087faba60de85a9cc8 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46855 – netfilter: nft_socket: fix sk refcount leaks
https://notcve.org/view.php?id=CVE-2024-46855
27 Sep 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/039b1f4f24ecc8493b6bb9d70b4b78750d1b35c2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46854 – net: dpaa: Pad packets to ETH_ZLEN
https://notcve.org/view.php?id=CVE-2024-46854
27 Sep 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/9ad1a37493338cacf04e2c93acf44d151a7adda8 •