CVSS: 6.7EPSS: 0%CPEs: 54EXPL: 0CVE-2024-20411 – Cisco NX-OS Bash Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20411
A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. ... A successful exploit could allow the attacker to execute arbitrary code with the privileges of root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26323 – Xiaomi App Market has a code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-26323
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code. • https://trust.mi.com/misrc/bulletins/advisory?cveId=543 •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 0CVE-2021-38120 – Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-38120
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1. • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43984 – WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-43984
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13. ... This makes it possible for unauthenticated attackers to modify templates and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-13-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7856 – MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-7856
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted. • https://github.com/l8BL/CVE-2024-7856 https://plugins.trac.wordpress.org/browser/mp3-music-player-by-sonaar/tags/5.7.0.1/includes/class-sonaar-music.php#L739 https://plugins.trac.wordpress.org/browser/mp3-music-player-by-sonaar/tags/5.7.0.1/includes/class-sonaar-music.php#L755 https://plugins.trac.wordpress.org/changeset/3142445/mp3-music-player-by-sonaar/trunk/includes/class-sonaar-music.php https://www.wordfence.com/threat-intel/vulnerabilities/id/43adc9dd-1780-440f-90c2-ff05a22eb084?source& • CWE-862: Missing Authorization •