CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38989
https://notcve.org/view.php?id=CVE-2024-38989
09 Aug 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/5e9830fb180a34d65f04fafb52d2b94b • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43232 – WordPress Timeline and History slider plugin <= 2.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43232
09 Aug 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/timeline-and-history-slider/wordpress-timeline-and-history-slider-plugin-2-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40479
https://notcve.org/view.php?id=CVE-2024-40479
09 Aug 2024 — A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. • https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43221 – WordPress JetGridBuilder plugin <= 1.1.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43221
09 Aug 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/jetgridbuilder/wordpress-jetgridbuilder-plugin-1-1-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41577
https://notcve.org/view.php?id=CVE-2024-41577
09 Aug 2024 — An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. • https://github.com/SENVIEL/learun-upload_file/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 5CVE-2024-41570
https://notcve.org/view.php?id=CVE-2024-41570
09 Aug 2024 — An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server. • https://github.com/HimmeL-Byte/CVE-2024-41570-SSRF-RCE • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-3673 – Web Directory Free < 1.7.3 - Unauthenticated LFI
https://notcve.org/view.php?id=CVE-2024-3673
09 Aug 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://github.com/Nxploited/CVE-2024-3673 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38219 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38219
08 Aug 2024 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38219 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43168 – Unbound: heap-buffer-overflow in unbound
https://notcve.org/view.php?id=CVE-2024-43168
08 Aug 2024 — This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. ... This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. ... A local attacker could potentially use this issue to cause a denial of service or execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2024-43168 • CWE-122: Heap-based Buffer Overflow •
CVSS: 2.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-43167 – Unbound: null pointer dereference in unbound
https://notcve.org/view.php?id=CVE-2024-43167
08 Aug 2024 — A local attacker could potentially use this issue to cause a denial of service or execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2024-43167 • CWE-476: NULL Pointer Dereference •