CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32266 – Code injection vulnerability found in OpenText Application Lifecycle Management (ALM),Quality Center.
https://notcve.org/view.php?id=CVE-2023-32266
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1. La vulnerabilidad de ruta de búsqueda no confiable en OpenText™ Application Lifecycle Management (ALM),Quality Center permite la inclusión de código. La vulnerabilidad permite a un usuario archivar archivos DLL maliciosos en el sistema antes de la instalación. • https://portal.microfocus.com/s/article/KM000024386?language=en_US • CWE-426: Untrusted Search Path •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-49260 – WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49260
Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en el complemento Limb WordPress Gallery: Limb Image Gallery permite la inyección de código. Este problema afecta al complemento Limb WordPress Gallery: desde n/a hasta 1.5.7. • https://patchstack.com/database/vulnerability/limb-gallery/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-49254 – WordPress ajax-extend plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-49254
Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code Injection.This issue affects ajax-extend: from n/a through 1.0. • https://patchstack.com/database/vulnerability/ajax-extend/wordpress-ajax-extend-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48744
https://notcve.org/view.php?id=CVE-2024-48744
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter. Se encontró una vulnerabilidad de cross-site scripting (XSS) reflejado en /trms/listed-teachers.php en PHPGurukul Teachers Record Management System v2.1, que permite a atacantes remotos ejecutar código arbitrario a través del parámetro de solicitud POST "searchinput". • https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Teachers%20Record/Reflected%20XSS.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9981 – FormosaSoft ee-class - Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-9981
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8145-15bea-2.html https://www.twcert.org.tw/tw/cp-132-8144-2885b-1.html • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •