CVE-2024-6220 – 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6220
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/keydatas/trunk/keydatas.php https://www.wordfence.com/threat-intel/vulnerabilities/id/49ae7971-7bdf-4369-b04b-fb48ea5b9518?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-39700 – Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action
https://notcve.org/view.php?id=CVE-2024-39700
Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. ... Los repositorios creados usando esta plantilla con la opción `test` incluyen el flujo de trabajo `update-integration-tests.yml` que tiene una vulnerabilidad RCE. Se insta a los autores de extensiones que alojan su código en GitHub a actualizar la plantilla a la última versión. • https://github.com/LOURC0D3/CVE-2024-39700-PoC https://github.com/jupyterlab/extension-template/commit/035e78c1c65bcedee97c95bb683abe59c96bc4e6 https://github.com/jupyterlab/extension-template/security/advisories/GHSA-45gq-v5wm-82wg • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-40515
https://notcve.org/view.php?id=CVE-2024-40515
,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality. • https://gist.github.com/as-lky/410d6ae5c8ead88c2e0f5c641b2382ec • CWE-940: Improper Verification of Source of a Communication Channel •
CVE-2024-40516
https://notcve.org/view.php?id=CVE-2024-40516
., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality. • https://gist.github.com/as-lky/2acc62c6283c7a1fe3af046b05091d15 • CWE-940: Improper Verification of Source of a Communication Channel •
CVE-2024-38768 – WordPress The Pack Elementor addons plugin <= 2.0.8.6 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38768
This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-8-6-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •