CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7244 – Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7244
29 Jul 2024 — Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SY... • https://www.zerodayinitiative.com/advisories/ZDI-24-1014 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7238 – VIPRE Advanced Security SBAMSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7238
29 Jul 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can leverage this vulnerability to escalate privileges and execute... • https://www.zerodayinitiative.com/advisories/ZDI-24-1011 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7232 – Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7232
29 Jul 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can leverage this vulnerability to escalate privileges and execute... • https://www.zerodayinitiative.com/advisories/ZDI-24-1004 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6451 – AI Engine < 2.5.1 - Admin+ RCE
https://notcve.org/view.php?id=CVE-2024-6451
29 Jul 2024 — AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. ... The AI Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the /wp-json/mwai/v1/settings/update REST API endpoint. ... This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://wpscan.com/vulnerability/fc06d413-a227-470c-a5b7-cdab57aeab34 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33365
https://notcve.org/view.php?id=CVE-2024-33365
29 Jul 2024 — Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. • https://hackmd.io/%40JohnathanHuuTri/rJNbEItJC • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7230 – Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7230
29 Jul 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can leverage this vulnerability to escalate privileges and execute... • https://www.zerodayinitiative.com/advisories/ZDI-24-1000 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7237 – AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7237
29 Jul 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can leverage this vulnerability to escalate privileges and execute... • https://www.zerodayinitiative.com/advisories/ZDI-24-1007 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6459 – News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI
https://notcve.org/view.php?id=CVE-2024-6459
27 Jul 2024 — This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be... • https://wpscan.com/vulnerability/330359fa-d085-4923-b5a8-c0e2e5267247 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41119 – streamlit-geospatial remote code execution in pages/8_🏜️_Raster_Data_Visualization.py
https://notcve.org/view.php?id=CVE-2024-41119
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 80 in `8_🏜️_Raster_Data_Visualization.py` takes user input, which is later used in the `eval()` function on line 86, leading to remote code execution. ... _Raster_Data_Visualization.py` takes user input, which is later used in the `eval()` function on line 86, leading to remote code execution. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41117 – Remote code execution in streamlit geospatial in pages/10_🌍_Earth_Engine_Datasets.py
https://notcve.org/view.php?id=CVE-2024-41117
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 115 in `pages/10_🌍_Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leading to remote code execution. ... _Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leading to remote code execution. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation •