CVE-2024-52057 – Potential arbitrary SQL query execution in Queuing Service while parsing malicious remote commands or configuration files
https://notcve.org/view.php?id=CVE-2024-52057
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection. This issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6.1.0 before 6.1.2.17, from 6.0.0 before 6.0.*, from 5.2.0 before 5.3.*. • https://www.rti.com/vulnerabilities/#cve-2024-52057 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-55918
https://notcve.org/view.php?id=CVE-2024-55918
An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambiguity between modules and filenames that can lead to HTML injection by an attacker who can create a file in the current working directory. • https://metacpan.org/dist/Graphics-ColorNames https://metacpan.org/release/RRWO/Graphics-ColorNames-v3.2.0/changes https://rt.cpan.org/Public/Bug/Display.html?id=54500 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-11012 – Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text
https://notcve.org/view.php?id=CVE-2024-11012
The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/notibar/trunk/includes/NotificationBar/WpCustomNotification.php#L90 https://plugins.trac.wordpress.org/changeset/3205224 https://wordpress.org/plugins/notibar/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/1766727d-ba54-4b46-b362-415c14be027d?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-12417 – Simple Link Directory <= 8.4.0 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-12417
The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/simple-link-directory/trunk/embed/qcopd-embed-link.php#L17 https://plugins.trac.wordpress.org/changeset/3206971/simple-link-directory/trunk/embed/qcopd-embed-link.php https://www.wordfence.com/threat-intel/vulnerabilities/id/b7112840-f190-4867-9408-c96408f28b7a?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-55879 – XWiki allows RCE from script right in configurable sections
https://notcve.org/view.php?id=CVE-2024-55879
Starting in version 2.3 and prior to versions 15.10.9 and 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. • https://github.com/xwiki/xwiki-platform/commit/8493435ff9606905a2d913607d6c79862d0c168d https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r279-47wg-chpr https://jira.xwiki.org/browse/XWIKI-21207 • CWE-862: Missing Authorization