CVE-2024-33898
https://notcve.org/view.php?id=CVE-2024-33898
An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. • https://www.axiros.com/2024/03/vulnerability-in-axusermanager • CWE-284: Improper Access Control •
CVE-2024-5443 – Remote Code Execution via Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-5443
Consequently, if an attacker can create a `config.yaml` file in a controllable path, this path can be appended to the `extensions` list and trigger the execution of `__init__.py` in the current directory, leading to remote code execution. • https://github.com/parisneo/lollms/commit/2d0c4e76be93195836ecd0948027e791b8a2626f https://huntr.com/bounties/db52848a-4dbe-4110-a981-03739834bf45 • CWE-29: Path Traversal: '\..\filename' •
CVE-2024-5450 – Bug Library < 2.1.1 - Unauthenticated RCE
https://notcve.org/view.php?id=CVE-2024-5450
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/d91217bc-9f8f-4971-885e-89edc45b2a4d • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-5080 – WP eMember < 10.6.6 - Admin+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-5080
This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/15f78aad-001c-4219-aa7e-46537e1357a2 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-37898 – Safe mode Cross-site Scripting (XSS) vulnerability in Joplin
https://notcve.org/view.php?id=CVE-2023-37898
A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. • https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •