
CVE-2024-48359
https://notcve.org/view.php?id=CVE-2024-48359
31 Oct 2024 — Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter. • https://github.com/OpenXP-Research/CVE-2024-48359 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-51430
https://notcve.org/view.php?id=CVE-2024-51430
31 Oct 2024 — Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component. • https://github.com/BLACK-SCORP10/CVE-2024-51430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-39332
https://notcve.org/view.php?id=CVE-2024-39332
31 Oct 2024 — Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server. • https://herolab.usd.de/security-advisories/usd-2024-0008 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-42835
https://notcve.org/view.php?id=CVE-2024-42835
31 Oct 2024 — langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. • https://github.com/langflow-ai/langflow/issues/2908 •

CVE-2024-9422 – GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9422
31 Oct 2024 — The GEO my WP WordPress plugin before 4.5 and the gmw-premium-settings WordPress plugin before 3.1 do not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. The GEO My WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including 4.4.0.2 (or version up to 3.1 for premium). This makes it possible for authenticated attackers, with Administrator-level ... • https://wpscan.com/vulnerability/81320923-767c-43f0-a8eb-b398c306c16f • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-10456 – Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2024-10456
30 Oct 2024 — Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. ... An attacker can leverage this vulnerability to execute code in the context of an administrato... • https://www.cisa.gov/news-events/ics-advisories/icsa-24-303-03 • CWE-502: Deserialization of Untrusted Data •

CVE-2024-9419 – Certain HP Print Products–Potential Remote Code Execution and/or Elevation of Privilege with the HP Smart Universal Printing Driver
https://notcve.org/view.php?id=CVE-2024-9419
30 Oct 2024 — Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC. • https://support.hp.com/us-en/document/ish_11505949-11505972-16 • CWE-787: Out-of-bounds Write •

CVE-2024-10392 – AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10392
30 Oct 2024 — The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3176122/gpt3-ai-content-generator#file508 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-10505 – wuzhicms block.php edit code injection
https://notcve.org/view.php?id=CVE-2024-10505
30 Oct 2024 — The manipulation leads to code injection. It is possible to launch the attack remotely. ... A code injection vulnerability can be exploited by manipulation with unknown data. • https://github.com/wuzhicms/wuzhicms/issues/209 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-51243
https://notcve.org/view.php?id=CVE-2024-51243
30 Oct 2024 — eladmin v2.7 and earlier contain a remote code execution (RCE) vulnerability that allows control of all application deployment servers of this management system via DeployController.java. • https://github.com/shadia0/Patienc/blob/main/eladmin_rce.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •