CVE-2024-28698
https://notcve.org/view.php?id=CVE-2024-28698
22 Jul 2024 — Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. • https://www.intruder.io/research/path-traversal-and-code-execution-in-csla-net-cve-2024-28698 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-39624 – WordPress ListingPro theme <= 2.9.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-39624
22 Jul 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/listingpro/wordpress-listingpro-theme-2-9-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-39619 – WordPress ListingPro plugin <= 2.9.3 - Unauthenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-39619
22 Jul 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/listingpro-plugin/wordpress-listingpro-plugin-2-9-3-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-34329
https://notcve.org/view.php?id=CVE-2024-34329
22 Jul 2024 — Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.4 and earlier allow unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. • https://github.com/pamoutaf/CVE-2024-34329 •
CVE-2024-24507
https://notcve.org/view.php?id=CVE-2024-24507
22 Jul 2024 — Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component. • https://gist.github.com/Xandsz/2b409acb81e846fc3478600f984785a1 •
CVE-2024-38944
https://notcve.org/view.php?id=CVE-2024-38944
22 Jul 2024 — An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi? • https://gist.github.com/LemonSec/6aaea8320187a38e1a398fa321f12303 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2020-24102
https://notcve.org/view.php?id=CVE-2020-24102
22 Jul 2024 — Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351 allows remote attackers to execute arbitrary code. • https://medium.com/%40prizmant/hacking-punkbuster-e22e6cf2f36e • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-6960 – H2O deserializes ML models without filtering, potentially allowing execution of malicious code
https://notcve.org/view.php?id=CVE-2024-6960
21 Jul 2024 — An attacker can construct a crafted Iced model that uses Java gadgets and leads to arbitrary code execution when imported to the H2O platform. • https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-40347
https://notcve.org/view.php?id=CVE-2024-40347
20 Jul 2024 — A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload into the htmlid parameter. • https://github.com/4rdr/proofs/blob/main/info/Alfresco_Reflected_XSS_via_htmlid_parameter.md •
CVE-2024-39906 – Remote code execution in Haven IndieAuthClient (GHSL-2024-093)
https://notcve.org/view.php?id=CVE-2024-39906
19 Jul 2024 — This leads to the immediate execution of the provided commands when the link is accessed by the authenticated administrator. This issue may lead to Remote Code Execution (RCE) and has been addressed by commit `c52f07c`. • https://github.com/havenweb/haven/commit/c52f07c • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •