CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6793 – Deserialization of Untrusted Data in NI VeriStand DataLogging Server
https://notcve.org/view.php?id=CVE-2024-6793
22 Jul 2024 — A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. ... An attacker can leverage this vulnerability to exec... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6791 – Directory Path Traversal Vulnerability in NI VeriStand with vsmodel Files
https://notcve.org/view.php?id=CVE-2024-6791
22 Jul 2024 — A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/directory-path-traversal-vulnerability-in-ni-veristand-with-vsmodel-files.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6675 – Deserialization of Untrusted Data Vulnerability in NI VeriStand Project File
https://notcve.org/view.php?id=CVE-2024-6675
22 Jul 2024 — A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerability-in-ni-veristand-project-file.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6121 – NI SystemLink Server Ships Out of Date Redis Version
https://notcve.org/view.php?id=CVE-2024-6121
22 Jul 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/ni-systemlink-server-ships-out-of-date-redis-version.html • CWE-1395: Dependency on Vulnerable Third-Party Component •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6885 – MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles <= 1.9.2 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-6885
22 Jul 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/maxi-blocks/tags/1.9.2/core/class-maxi-image-crop.php#L100 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6828 – Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-6828
22 Jul 2024 — This makes it possible for unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases, when the wp_filesystem fails to initialize - to Remote Code Execution. • https://core.trac.wordpress.org/browser/tags/6.5.4/src/wp-includes/class-wp-theme-json.php#L1690 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39621 – WordPress ListingPro plugin <= 2.9.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-39621
22 Jul 2024 — This makes it possible for authenticated attackers, with author-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/listingpro-plugin/wordpress-listingpro-plugin-2-9-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28698
https://notcve.org/view.php?id=CVE-2024-28698
22 Jul 2024 — Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. • https://www.intruder.io/research/path-traversal-and-code-execution-in-csla-net-cve-2024-28698 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39624 – WordPress ListingPro theme <= 2.9.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-39624
22 Jul 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/listingpro/wordpress-listingpro-theme-2-9-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39619 – WordPress ListingPro plugin <= 2.9.3 - Unauthenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-39619
22 Jul 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/listingpro-plugin/wordpress-listingpro-plugin-2-9-3-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •