CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33936 – WordPress Print-O-Matic plugin <= 2.1.10 - Auth. Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33936
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Print-O-Matic allows Stored XSS.This issue affects Print-O-Matic: from n/a through 2.1.10. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Twinpictures Print-O-Matic permite almacenar XSS. Este problema afecta a Print-O-Matic: desde n/a hasta 2.1.10. The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/print-o-matic/wordpress-print-o-matic-plugin-2-1-10-auth-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2024-0353 – Local privilege escalation in Windows products
https://notcve.org/view.php?id=CVE-2024-0353
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. La vulnerabilidad de escalada de privilegios local potencialmente permitió a un atacante hacer un mal uso de las operaciones de archivos de ESET para eliminar archivos sin tener el permiso adecuado. This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ESET Service. By creating a symbolic link, an attacker can abuse the service to delete a file. • https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0354 – unknown-o download-station index.php path traversal
https://notcve.org/view.php?id=CVE-2024-0354
A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. • https://note.zhaoj.in/share/nHD5xiHQgHG0 https://vuldb.com/?ctiid.250121 https://vuldb.com/?id.250121 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42358
https://notcve.org/view.php?id=CVE-2023-42358
An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component. Se descubrió un problema en O-RAN Software Community ric-plt-e2mgr en el entorno G-Release, que permite a atacantes remotos provocar una denegación de servicio (DoS) a través de una solicitud manipulada al componente API de E2Manager. • https://jira.o-ran-sc.org/browse/RIC-1009 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41627
https://notcve.org/view.php?id=CVE-2023-41627
O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device. O-RAN Software Community ric-plt-lib-rmr v4.9.0 no valida la fuente de las tablas de enrutamiento que recibe, permitiendo potencialmente a los atacantes enviar tablas de enrutamiento falsificadas al dispositivo. • https://jira.o-ran-sc.org/browse/RIC-1001 https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html •