CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9247 – Foxit PDF Reader Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9247
26 Sep 2024 — Foxit PDF Reader Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. A... • https://www.foxit.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9254 – Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9254
26 Sep 2024 — Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An att... • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22170 – Unchecked buffer in Dynamic DNS client
https://notcve.org/view.php?id=CVE-2024-22170
26 Sep 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://www.westerndigital.com/support/product-security/wdc-24005-western-digital-my-cloud-os-5-firmware-5-29-102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 87EXPL: 0CVE-2024-20475 – Cisco SD-WAN vManage Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-20475
25 Sep 2024 — A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. ... A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-xss-zQ4KPvYd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 2CVE-2024-7479 – Improper signature verification of VPN driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7479
25 Sep 2024 — Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://packetstorm.news/files/id/182012 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2024-7481 – Improper signature verification of Printer driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7481
25 Sep 2024 — Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://packetstorm.news/files/id/182012 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46489
https://notcve.org/view.php?id=CVE-2024-46489
25 Sep 2024 — A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. • https://github.com/VulnSphere/LLMVulnSphere/blob/main/Prompt/promptr/RCE_FC_6.0.7.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46655
https://notcve.org/view.php?id=CVE-2024-46655
25 Sep 2024 — A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. • https://csflabs.github.io/cve/2024/09/24/cve-2024-46655-Cross-Site-Scripting-%28XSS%29-%28Reflected%29-in-Ellevo-application.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47309 – WordPress Cities Shipping Zones for WooCommerce plugin <= 1.2.7 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-47309
25 Sep 2024 — This makes it possible for authenticated attackers, with Shop Manager-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/cities-shipping-zones-for-woocommerce/wordpress-cities-shipping-zones-for-woocommerce-plugin-1-2-7-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47319 – WordPress Bit Form plugin <= 2.13.10 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-47319
25 Sep 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Code Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.10. ... This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/bit-form/wordpress-bit-form-plugin-2-13-10-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •