CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8429 – Improper Authentication in Digital Operation Services' WiFiBurada
https://notcve.org/view.php?id=CVE-2024-8429
17 Dec 2024 — Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5. • https://www.usom.gov.tr/bildirim/tr-24-1888 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51114
https://notcve.org/view.php?id=CVE-2024-51114
03 Dec 2024 — An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file • https://github.com/ZackSecurity/VulnerReport/blob/cve/DCN/2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51836 – WordPress Wezido plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51836
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Teconce Wezido allows DOM-Based XSS.This issue affects Wezido: from n/a through 1.2. The Wezido plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execut... • https://patchstack.com/database/vulnerability/wezido-elementor-addon-based-on-easy-digital-downloads/wordpress-wezido-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49242 – WordPress Digital Lottery plugin <= 3.0.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49242
14 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5. La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en Shafiq Digital Lottery permite cargar un shell web a un servidor web. Este problema afecta a Digital Lottery: desde n/a hasta 3.0.5. The Digital Lottery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type va... • https://patchstack.com/database/vulnerability/digital-lottery/wordpress-digital-lottery-plugin-3-0-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22170 – Unchecked buffer in Dynamic DNS client
https://notcve.org/view.php?id=CVE-2024-22170
26 Sep 2024 — Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.This issue affects My Cloud: before 5.29.102. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP responses provided to the ddns-start program. The iss... • https://www.westerndigital.com/support/product-security/wdc-24005-western-digital-my-cloud-os-5-firmware-5-29-102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8585 – LEARNING DIGITAL Orca HCM - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2024-8585
09 Sep 2024 — Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8042-f9f26-2.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-8584 – LEARNING DIGITAL Orca HCM - Missing Authentication
https://notcve.org/view.php?id=CVE-2024-8584
09 Sep 2024 — Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. • https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html • CWE-284: Improper Access Control CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8327 – HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - SQL injection
https://notcve.org/view.php?id=CVE-2024-8327
30 Aug 2024 — Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents. Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete datab... • https://www.twcert.org.tw/en/cp-139-8032-a3d5c-2.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42905
https://notcve.org/view.php?id=CVE-2024-42905
28 Aug 2024 — Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file. • https://github.com/ZackSecurity/VulnerReport/blob/cve/DCN/1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43162 – WordPress Easy Digital Downloads plugin <= 3.2.12 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43162
07 Aug 2024 — Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.2.12. The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with Subscriber-level access a... • https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-12-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •