CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9419 – Certain HP Print Products–Potential Remote Code Execution and/or Elevation of Privilege with the HP Smart Universal Printing Driver
https://notcve.org/view.php?id=CVE-2024-9419
30 Oct 2024 — Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC. • https://support.hp.com/us-en/document/ish_11505949-11505972-16 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10392 – AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10392
30 Oct 2024 — The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3176122/gpt3-ai-content-generator#file508 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10505 – wuzhicms block.php edit code injection
https://notcve.org/view.php?id=CVE-2024-10505
30 Oct 2024 — The manipulation leads to code injection. It is possible to launch the attack remotely. ... Durch Manipulieren mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/wuzhicms/wuzhicms/issues/209 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51243
https://notcve.org/view.php?id=CVE-2024-51243
30 Oct 2024 — The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java. Eladmin v2.7 y anteriores contienen una vulnerabilidad de ejecución remota de código (RCE) que puede controlar todos los servidores de implementación de aplicaciones de este sistema de administración a través de DeployController.java. • https://github.com/shadia0/Patienc/blob/main/eladmin_rce.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51424
https://notcve.org/view.php?id=CVE-2024-51424
30 Oct 2024 — An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the Owned.setOwner function Un problema en Ethereum v.1.12.2 permite a un atacante remoto ejecutar código arbitrario a través de la función Owned.setOwner An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the Owned.setOwner function. • https://github.com/Wzy-source/Gala/blob/main/CVEs/AURA_0x967d176328948e4db4446b8caf623ff9b47221fb.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50527 – WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50527
30 Oct 2024 — The Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48807
https://notcve.org/view.php?id=CVE-2024-48807
30 Oct 2024 — Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter. • https://medium.com/%40KrishnaChaganti/cross-site-scripting-xss-in-appointment-management-system-cve-2024-48807-0f7523be9fa2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51427
https://notcve.org/view.php?id=CVE-2024-51427
30 Oct 2024 — An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the PepeGxng smart contract mint function. • https://github.com/Wzy-source/Gala/blob/main/CVEs/PepeGxng_0x5d8d1f28cad84fad8d2fea9fdd4ab5022d23b0fe.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-31972
https://notcve.org/view.php?id=CVE-2024-31972
30 Oct 2024 — EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution (under the context of the user's session) via the Wi-Fi SSID input fields. • https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-31972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50525 – WordPress Helloprint plugin <= 2.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50525
30 Oct 2024 — The Plug your WooCommerce into the largest catalog of customized print products from Helloprint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/helloprint/wordpress-helloprint-plugin-2-0-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •