CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39651 – WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-39651
01 Aug 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/woocommerce-pdf-vouchers/wordpress-woocommerce-pdf-vouchers-plugin-4-9-5-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-23920 – ChargePoint Home Flex Improper Access Control
https://notcve.org/view.php?id=CVE-2024-23920
01 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. An attacker can leverage this vulnerability to execute code<... • https://www.zerodayinitiative.com/advisories/ZDI-24-1048 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-23921 – ChargePoint Home Flex Command Injection
https://notcve.org/view.php?id=CVE-2024-23921
01 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerabil... • https://www.zerodayinitiative.com/advisories/ZDI-24-1049 • CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-23928 – Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation
https://notcve.org/view.php?id=CVE-2024-23928
01 Aug 2024 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1045 • CWE-863: Incorrect Authorization •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-23929 – Pioneer DMH-WT7600NEX Telematics Directory Traversal
https://notcve.org/view.php?id=CVE-2024-23929
01 Aug 2024 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1044 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-23968 – ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-23968
01 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. An attacker can leverage this vulnerability to execute code<... • https://www.zerodayinitiative.com/advisories/ZDI-24-1050 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-23969 – ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2024-23969
01 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... An attacker can leverage this vulnerability to execute code in the context of root. An attacker can leverage this vulnerability to execute code<... • https://www.zerodayinitiative.com/advisories/ZDI-24-1051 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-23971 – ChargePoint Home Flex OCPP bswitch Command Injection
https://notcve.org/view.php?id=CVE-2024-23971
01 Aug 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerabil... • https://www.zerodayinitiative.com/advisories/ZDI-24-1053 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40645 – FOG Authenticated File Upload RCE
https://notcve.org/view.php?id=CVE-2024-40645
31 Jul 2024 — An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. • https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/lib/pages/fogconfigurationpage.class.php#L2860-L2896 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6973 – Remote Code Execution in Cato Windows SDP client via crafted URLs
https://notcve.org/view.php?id=CVE-2024-6973
31 Jul 2024 — Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34. Remote Code Execution in Cato Windows SDP client via crafted URLs. • https://support.catonetworks.com/hc/en-us/articles/19756987454237-CVE-2024-6973-Windows-SDP-Client-Remote-Code-Execution-via-crafted-URLs • CWE-20: Improper Input Validation •