CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-50330
https://notcve.org/view.php?id=CVE-2023-50330
A specially crafted series of HTTP requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1903 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-49867
https://notcve.org/view.php?id=CVE-2023-49867
A specially crafted series of HTTP requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1904 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27459
https://notcve.org/view.php?id=CVE-2024-27459
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. • https://community.openvpn.net/openvpn/wiki/CVE-2024-27459 https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974 https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6320 – ScrollTo Top <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6320
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/scrollto-top/trunk/scrollto-top.php?rev=662578#L238 https://www.wordfence.com/threat-intel/vulnerabilities/id/e11f1a56-d5a2-47a4-a5cc-34345966495a?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6123 – Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6123
This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. ... This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/bit-form/tags/2.12.2/includes/Admin/AdminAjax.php#L1176 https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1b255f-d775-4bd5-892e-42bf82dd5632?source=cve https://plugins.trac.wordpress.org/changeset/3114814/bit-form/trunk/includes/Admin/AdminAjax.php • CWE-434: Unrestricted Upload of File with Dangerous Type •