CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43165 – WordPress WPSection plugin <= 1.3.8 - Contributor+ Limited Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43165
07 Aug 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/wpsection/wordpress-wpsection-plugin-1-3-8-contributor-limited-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43140 – WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.4 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43140
07 Aug 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/ultimate-bootstrap-elements-for-elementor/wordpress-ultimate-bootstrap-elements-for-elementor-plugin-1-4-4-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42393 – Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-42393
06 Aug 2024 — There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42394 – Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-42394
06 Aug 2024 — There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42395 – Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the AP Certificate Management Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-42395
06 Aug 2024 — There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US • CWE-295: Improper Certificate Validation •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7502 – Delta Electronics DIAScreen Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-7502
06 Aug 2024 — A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-219-01 • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-7530 – Gentoo Linux Security Advisory 202412-04
https://notcve.org/view.php?id=CVE-2024-7530
06 Aug 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1904011 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-7531 – Debian Security Advisory 5740-1
https://notcve.org/view.php?id=CVE-2024-7531
06 Aug 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1905691 •
CVSS: 8.1EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7529 – mozilla: Document content could partially obscure security prompts
https://notcve.org/view.php?id=CVE-2024-7529
06 Aug 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1903187 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7527 – mozilla: Use-after-free in JavaScript garbage collection
https://notcve.org/view.php?id=CVE-2024-7527
06 Aug 2024 — If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1871303 • CWE-416: Use After Free •