CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22122 – AT(GSM) Command Injection
https://notcve.org/view.php?id=CVE-2024-22122
09 Aug 2024 — Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem. • https://support.zabbix.com/browse/ZBX-25012 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7399 – Samsung MagicInfo Server getFileFromMultipartFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7399
09 Aug 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicInfo Server. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://security.samsungtv.com/securityUpdates • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-0113 – NVIDIA Onyx Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-0113
09 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NVIDIA Onyx switches. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://nvidia.custhelp.com/app/answers/detail/a_id/5563 • CWE-35: Path Traversal: '.../ •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40478
https://notcve.org/view.php?id=CVE-2024-40478
09 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields • https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50809
https://notcve.org/view.php?id=CVE-2023-50809
09 Aug 2024 — This can result in remote code execution within the kernel. • https://www.sonos.com/en-us/security-advisory-2024-0001 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38989
https://notcve.org/view.php?id=CVE-2024-38989
09 Aug 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/5e9830fb180a34d65f04fafb52d2b94b • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43232 – WordPress Timeline and History slider plugin <= 2.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43232
09 Aug 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/timeline-and-history-slider/wordpress-timeline-and-history-slider-plugin-2-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40479
https://notcve.org/view.php?id=CVE-2024-40479
09 Aug 2024 — A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. • https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43221 – WordPress JetGridBuilder plugin <= 1.1.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43221
09 Aug 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/jetgridbuilder/wordpress-jetgridbuilder-plugin-1-1-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41577
https://notcve.org/view.php?id=CVE-2024-41577
09 Aug 2024 — An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. • https://github.com/SENVIEL/learun-upload_file/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •