CVE-2024-20148
https://notcve.org/view.php?id=CVE-2024-20148
06 Jan 2025 — This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/January-2025 • CWE-787: Out-of-bounds Write •
CVE-2024-20146
https://notcve.org/view.php?id=CVE-2024-20146
06 Jan 2025 — This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/January-2025 • CWE-787: Out-of-bounds Write •
CVE-2024-20154
https://notcve.org/view.php?id=CVE-2024-20154
06 Jan 2025 — This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/January-2025 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-12471 – Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-12471
06 Jan 2025 — This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. • https://github.com/RandomRobbieBF/CVE-2024-12471 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-9140
https://notcve.org/view.php?id=CVE-2024-9140
03 Jan 2025 — This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-53842
https://notcve.org/view.php?id=CVE-2024-53842
03 Jan 2025 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-787: Out-of-bounds Write •
CVE-2024-56278 – WordPress WP Ultimate Exporter plugin <= 2.9.1 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-56278
03 Jan 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders WP Ultimate Exporter allows PHP Remote File Inclusion. This issue affects WP Ultimate Exporter: from n/a through 2.9.1. ... The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level access a... • https://patchstack.com/database/wordpress/plugin/wp-ultimate-exporter/vulnerability/wordpress-wp-ultimate-exporter-plugin-2-9-1-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-55078
https://notcve.org/view.php?id=CVE-2024-55078
03 Jan 2025 — An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file. • https://gist.github.com/summerxxoo/8a0c9905feda6e192c10b860888afd26 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-43243 – WordPress JobBoard Job listing plugin <= 1.2.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-43243
03 Jan 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/job-board-light/vulnerability/wordpress-jobboard-job-listing-plugin-1-2-6-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-12583 – Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection
https://notcve.org/view.php?id=CVE-2024-12583
03 Jan 2025 — The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. ... This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/integration-dynamics/trunk/src/Shortcode/Twig.php#L53 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •