CVE-2024-7240 – F-Secure Total Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7240
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVE-2024-6451 – AI Engine < 2.5.1 - Admin+ RCE
https://notcve.org/view.php?id=CVE-2024-6451
AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. ... The AI Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the /wp-json/mwai/v1/settings/update REST API endpoint. ... This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://wpscan.com/vulnerability/fc06d413-a227-470c-a5b7-cdab57aeab34 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-40576
https://notcve.org/view.php?id=CVE-2024-40576
Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component. • https://github.com/jubilianite/CVEs/blob/main/CVE-2024-40576.md https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html https://github.com/jubilianite/CVEs/security/advisories/GHSA-674x-j9wj-qvpp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7230 – Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7230
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVE-2024-7231 – Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7231
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •