CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22116 – Remote code execution within ping script
https://notcve.org/view.php?id=CVE-2024-22116
09 Aug 2024 — An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure. • https://support.zabbix.com/browse/ZBX-25016 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7399 – Samsung MagicInfo Server getFileFromMultipartFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7399
09 Aug 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicInfo Server. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://security.samsungtv.com/securityUpdates • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-0113 – NVIDIA Onyx Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-0113
09 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NVIDIA Onyx switches. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://nvidia.custhelp.com/app/answers/detail/a_id/5563 • CWE-35: Path Traversal: '.../ •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40478
https://notcve.org/view.php?id=CVE-2024-40478
09 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields • https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50809
https://notcve.org/view.php?id=CVE-2023-50809
09 Aug 2024 — This can result in remote code execution within the kernel. • https://www.sonos.com/en-us/security-advisory-2024-0001 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38989
https://notcve.org/view.php?id=CVE-2024-38989
09 Aug 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/5e9830fb180a34d65f04fafb52d2b94b • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43232 – WordPress Timeline and History slider plugin <= 2.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43232
09 Aug 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/timeline-and-history-slider/wordpress-timeline-and-history-slider-plugin-2-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43221 – WordPress JetGridBuilder plugin <= 1.1.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43221
09 Aug 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/jetgridbuilder/wordpress-jetgridbuilder-plugin-1-1-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41577
https://notcve.org/view.php?id=CVE-2024-41577
09 Aug 2024 — An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. • https://github.com/SENVIEL/learun-upload_file/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 5CVE-2024-41570
https://notcve.org/view.php?id=CVE-2024-41570
09 Aug 2024 — An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server. • https://github.com/HimmeL-Byte/CVE-2024-41570-SSRF-RCE • CWE-918: Server-Side Request Forgery (SSRF) •