
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/import-spreadsheets-from-microsoft-excel/wordpress-import-spreadsheets-from-microsoft-excel-plugin-10-1-4-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-4-14-13-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16. • https://github.com/glpi-project/glpi/security/advisories/GHSA-cwvp-j887-m4xh • CWE-73: External Control of File Name or Path •

CVSS: 9.8 • EPSS: 96% • CPEs: - • EXPL: 1

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. • https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning https://support.servicenow.com/kb?... id=kb_article_view&sysparm_article=KB1648313 https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit • CWE-184: Incomplete List of Disallowed Inputs •

CVSS: 9.8 • EPSS: 96% • CPEs: - • EXPL: 10

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. • https://github.com/Praison001/CVE-2024-4879-ServiceNow https://github.com/Brut-Security/CVE-2024-4879 https://github.com/bigb0x/CVE-2024-4879 https://github.com/Mr-r00t11/CVE-2024-4879 https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning https://github.com/ShadowByte1/CVE-2024-4879 https://github.com/zgimszhd61/CVE-2024-4879 https://github.com/jdusane/CVE-2024-4879 https://github.com/fa-rrel/CVE-2024-4879 https://github.com/0xWhoami35&#x • CWE-1287: Improper Validation of Specified Type of Input •