CVE-2024-43221 – WordPress JetGridBuilder plugin <= 1.1.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43221
09 Aug 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/jetgridbuilder/wordpress-jetgridbuilder-plugin-1-1-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-41577
https://notcve.org/view.php?id=CVE-2024-41577
09 Aug 2024 — An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. • https://github.com/SENVIEL/learun-upload_file/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-41570
https://notcve.org/view.php?id=CVE-2024-41570
09 Aug 2024 — An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server. • https://github.com/HimmeL-Byte/CVE-2024-41570-SSRF-RCE • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-3673 – Web Directory Free < 1.7.3 - Unauthenticated LFI
https://notcve.org/view.php?id=CVE-2024-3673
09 Aug 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://github.com/Nxploited/CVE-2024-3673 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-38219 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38219
08 Aug 2024 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38219 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-43168 – Unbound: heap-buffer-overflow in unbound
https://notcve.org/view.php?id=CVE-2024-43168
08 Aug 2024 — This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. ... • https://access.redhat.com/security/cve/CVE-2024-43168 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-43167 – Unbound: null pointer dereference in unbound
https://notcve.org/view.php?id=CVE-2024-43167
08 Aug 2024 — A local attacker could potentially use this issue to cause a denial of service or execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2024-43167 • CWE-476: NULL Pointer Dereference •
CVE-2024-39791 – Vonets WiFi Bridges Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-39791
08 Aug 2024 — Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-42366 – VR Overlay RCE
https://notcve.org/view.php?id=CVE-2024-42366
08 Aug 2024 — In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. • https://github.com/vrcx-team/VRCX/commit/cd2387aa3289f936ce60049121c24b0765bd4180 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-269: Improper Privilege Management •
CVE-2024-42365 – Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
https://notcve.org/view.php?id=CVE-2024-42365
08 Aug 2024 — This occurs because users with `Write=originate` are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. ... A new extension can be written which performs a system command to achieve RCE as the asterisk service user (typically asterisk). • https://packetstorm.news/files/id/182935 • CWE-267: Privilege Defined With Unsafe Actions CWE-1220: Insufficient Granularity of Access Control •