CVE-2024-51919 – WordPress Fancy Product Designer plugin <= 6.4.3 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-51919
03 Jan 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/fancy-product-designer/vulnerability/wordpress-fancy-product-designer-plugin-6-4-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-43767
https://notcve.org/view.php?id=CVE-2024-43767
02 Jan 2025 — This could lead to remote code execution with no additional execution privileges needed. • https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-56137 – MaxKB RCE vulnerability in function library
https://notcve.org/view.php?id=CVE-2024-56137
02 Jan 2025 — Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. • https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-76w2-2g72-cg85 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-55955 – Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55955
31 Dec 2024 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator at medium integrity. • https://success.trendmicro.com/en-US/solution/KA-0018571 • CWE-427: Uncontrolled Search Path Element
CVE-2024-55917 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55917
31 Dec 2024 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... The specific flaw exists within the Apex One NT Listener service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-346: Origin Validation Error
CVE-2024-55632 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55632
31 Dec 2024 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... The specific flaw exists within the Apex One NT RealTime Scan service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTE... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management
CVE-2024-55631 – Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55631
31 Dec 2024 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... The specific flaw exists within the Damage Cleanup Engine. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management
CVE-2024-52050 – Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-52050
31 Dec 2024 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... The specific flaw exists within the Trend Micro Common Client Log Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of S... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2024-52049 – Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-52049
31 Dec 2024 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... The specific flaw exists within the Trend Micro Common Client Log Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of S... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-266: Incorrect Privilege Assignment
CVE-2024-52048 – Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-52048
31 Dec 2024 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... The specific flaw exists within the Trend Micro Common Client Log Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of S... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-266: Incorrect Privilege Assignment