CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48514
https://notcve.org/view.php?id=CVE-2024-48514
24 Oct 2024 — php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. ... This affects php-heic-to-jpg 1.0.5 and below. php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. • https://github.com/MaestroError/php-heic-to-jpg • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50450 – WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Bypass Vulnerability vulnerability
https://notcve.org/view.php?id=CVE-2024-50450
24 Oct 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.4. ... This makes it possible for unauthenticated at... • https://github.com/RandomRobbieBF/CVE-2024-50450 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41617
https://notcve.org/view.php?id=CVE-2024-41617
24 Oct 2024 — The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution. • https://github.com/moneymanagerex/web-money-manager-ex/commit/f2850b295ee21bc299799343a3bc4d004d05651d • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48454
https://notcve.org/view.php?id=CVE-2024-48454
24 Oct 2024 — An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin? • https://github.com/N0zoM1z0/CVEs/blob/main/CVE-2024-48454.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50420 – WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50420
24 Oct 2024 — The aDirectory – Directory Listing WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/adirectory/wordpress-adirectory-plugin-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48423
https://notcve.org/view.php?id=CVE-2024-48423
24 Oct 2024 — An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library. • https://github.com/assimp/assimp/issues/5788 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8025 – Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8025
24 Oct 2024 — Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. ... An attacker can leverage this vulnerability to execute code in the context of the current pr... • https://downloadcenter.nikonimglib.com/en/download/sw/259.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46478 – Ubuntu Security Notice USN-7225-1
https://notcve.org/view.php?id=CVE-2024-46478
24 Oct 2024 — An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://github.com/michaelrsweet/htmldoc/commit/683bec548e642cf4a17e003fb34f6bbaf2d27b98 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50442 – WordPress Royal Elementor Addons and Templates plugin <= 1.3.980 - XML External Entity (XXE) vulnerability
https://notcve.org/view.php?id=CVE-2024-50442
24 Oct 2024 — This makes it possible for authenticated attackers, with author-level access and above, to inject external entities and perform other attacks like SSRF and remote code execution in the proper configuration. • https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-and-templates-plugin-1-3-980-xml-external-entity-xxe-vulnerability?_s_id=cve • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50427 – WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50427
24 Oct 2024 — The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.9.136. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/surveyjs/wordpress-surveyjs-plugin-1-9-136-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •