CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44015 – WordPress Users Control plugin <= 1.0.16 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44015
24 Sep 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/users-control/wordpress-users-control-plugin-1-0-16-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44012 – WordPress WP Newsletter Subscription plugin <= 1.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44012
24 Sep 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/wp-newsletter-subscription/wordpress-wp-newsletter-subscription-plugin-1-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44016 – WordPress Podiant plugin <= 1.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44016
24 Sep 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/podiant/wordpress-podiant-plugin-1-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44013 – WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44013
24 Sep 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/vr-calendar-sync/wordpress-vr-calendar-plugin-2-4-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45348 – Xiaomi Router AX9000 has a post-authorization command injection vulnerability
https://notcve.org/view.php?id=CVE-2024-45348
23 Sep 2024 — This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=547 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9112 – FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9112
23 Sep 2024 — FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. ... An attacker can leverage this vulnerability to execute code in the context o... • https://www.zerodayinitiative.com/advisories/ZDI-24-1273 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9113 – FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9113
23 Sep 2024 — FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. ... An attacker can leverage this vulnerability to execute code in the context o... • https://www.zerodayinitiative.com/advisories/ZDI-24-1274 • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46948
https://notcve.org/view.php?id=CVE-2023-46948
23 Sep 2024 — A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components. • https://github.com/AzraelsBlade/CVE-2023-46948 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37779
https://notcve.org/view.php?id=CVE-2024-37779
23 Sep 2024 — WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. • https://medium.com/%40daviddepaulasantos/our-brand-new-cve-authenticated-remote-code-execution-rce-on-elvis-dam-c544d879ef1e • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39843 – Centreon updateAccessGroupLinks_MC SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39843
23 Sep 2024 — A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. • https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •