CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52369 – WordPress KBucket plugin <= 4.1.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52369
11 Nov 2024 — The KBucket: Your Curated Content in WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/kbucket/wordpress-kbucket-plugin-4-1-6-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-46965
https://notcve.org/view.php?id=CVE-2024-46965
11 Nov 2024 — The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component. • https://github.com/actuator/allvideo.downloader.browser/blob/main/CVE-2024-46965 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51186
https://notcve.org/view.php?id=CVE-2024-51186
11 Nov 2024 — D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. • https://github.com/4hsien/CVE-vulns/blob/main/D-Link/DIR-820L/CI_ping_addr/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52379 – WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52379
11 Nov 2024 — The kineticPay for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/kineticpay-for-woocommerce/wordpress-kineticpay-for-woocommerce-plugin-2-0-8-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-50990
https://notcve.org/view.php?id=CVE-2024-50990
11 Nov 2024 — A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter. • https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Marriage%20Registration/Marriage%20reflected%20in%20userpage.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52384 – WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin <= 2.4.9 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52384
11 Nov 2024 — The Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ai-content-generator/wordpress-sage-ai-chatbots-openai-gpt-4-bulk-articles-dalle-3-image-generation-plugin-2-4-9-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-46964
https://notcve.org/view.php?id=CVE-2024-46964
11 Nov 2024 — The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component. • https://github.com/actuator/com.video.downloader.all/blob/main/CVE-2024-46964 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-46966
https://notcve.org/view.php?id=CVE-2024-46966
11 Nov 2024 — The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component. • https://github.com/actuator/mn.ikhgur.khotoch/blob/main/CVE-2024-46966 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-52532 – libsoup: infinite loop while reading websocket data
https://notcve.org/view.php?id=CVE-2024-52532
11 Nov 2024 — An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://gitlab.gnome.org/GNOME/libsoup/-/issues/391 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52372 – WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52372
11 Nov 2024 — The Easy CSV Importer BETA plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 7.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/easy-csv-importer/wordpress-easy-csv-importer-plugin-7-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •