CVE-2024-37732
https://notcve.org/view.php?id=CVE-2024-37732
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. • https://gitee.com/Aa272899/CHG-sec/issues/I9UO7X • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2024-33898
https://notcve.org/view.php?id=CVE-2024-33898
An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. • https://www.axiros.com/2024/03/vulnerability-in-axusermanager • CWE-284: Improper Access Control •
CVE-2024-5443 – Remote Code Execution via Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-5443
Consequently, if an attacker can create a `config.yaml` file in a controllable path, this path can be appended to the `extensions` list and trigger the execution of `__init__.py` in the current directory, leading to remote code execution. • https://github.com/parisneo/lollms/commit/2d0c4e76be93195836ecd0948027e791b8a2626f https://huntr.com/bounties/db52848a-4dbe-4110-a981-03739834bf45 • CWE-29: Path Traversal: '\..\filename' •
CVE-2024-5450 – Bug Library < 2.1.1 - Unauthenticated RCE
https://notcve.org/view.php?id=CVE-2024-5450
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/d91217bc-9f8f-4971-885e-89edc45b2a4d • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-5080 – WP eMember < 10.6.6 - Admin+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-5080
This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/15f78aad-001c-4219-aa7e-46537e1357a2 • CWE-434: Unrestricted Upload of File with Dangerous Type •