CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-34614
https://notcve.org/view.php?id=CVE-2024-34614
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=08 •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-34612
https://notcve.org/view.php?id=CVE-2024-34612
Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=08 •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41241
https://notcve.org/view.php?id=CVE-2024-41241
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/Reflected%20XSS%20-%20Admin.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-41239
https://notcve.org/view.php?id=CVE-2024-41239
A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Kashipara Responsive School Management System v1.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field. A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/Stored%20XSS.pdf https://www.kashipara.com/project/php/12362/responsive-school-management-system-php-project-source-code • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-43160 – WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-43160
Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6. The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /api/store_webp.php file in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/KTN1990/CVE-2024-43160 https://github.com/maybeheisenberg/PoC-for-CVE-2024-43160 https://patchstack.com/database/vulnerability/searchpro/wordpress-berqwp-plugin-1-7-6-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •