CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52375 – WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52375
11 Nov 2024 — The Datasets Manager by Arttia Creative plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/datasets-manager-by-arttia-creative/wordpress-datasets-manager-by-arttia-creative-plugin-1-5-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-52530 – libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
https://notcve.org/view.php?id=CVE-2024-52530
11 Nov 2024 — An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://gitlab.gnome.org/GNOME/libsoup/-/issues/377 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52393 – WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-52393
11 Nov 2024 — The Podlove Podcast Publisher plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.1.15. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-15-admin-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52370 – WordPress Hive Support – WordPress Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin <= 1.1.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52370
11 Nov 2024 — The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/hive-support/wordpress-hive-support-wordpress-help-desk-live-chat-ai-chat-bot-plugin-for-wordpress-plugin-1-1-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2024-52380 – WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52380
11 Nov 2024 — The Picsmize plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/picsmize/wordpress-picsmize-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-52531 – libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict
https://notcve.org/view.php?id=CVE-2024-52531
11 Nov 2024 — Decoding specially crafted UTF-8 input data with the soup_header_parse_param_list_strict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library. ... An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11050 – AMTT Hotel Broadband Operation System language.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11050
10 Nov 2024 — A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.283793 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10958 – WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay
https://notcve.org/view.php?id=CVE-2024-10958
10 Nov 2024 — The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://github.com/reinh3rz/CVE-2024-10958-WPPA-Exploit • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46951 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46951
10 Nov 2024 — An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=707991 • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46952 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46952
10 Nov 2024 — Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=708001 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •