CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40552
https://notcve.org/view.php?id=CVE-2024-40552
12 Jul 2024 — PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. • https://gitee.com/sanluan/PublicCMS/issues/IAAMMU •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40518
https://notcve.org/view.php?id=CVE-2024-40518
12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. • https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2602
https://notcve.org/view.php?id=CVE-2024-2602
11 Jul 2024 — CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor. CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-03.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38717 – WordPress Booking Ultra Pro Appointments Booking Calendar plugin <= 1.1.13 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38717
11 Jul 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-appointments-booking-calendar-plugin-1-1-13-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26006
https://notcve.org/view.php?id=CVE-2024-26006
11 Jul 2024 — A remote attacker can trick the victim into bookmarking a malicious samba server, then opening the bookmark and execute arbitrary HTML and script code in user's browser in context of vulnerable website. Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks. •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38716 – WordPress Events Calendar for Google plugin <= 2.1.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38716
11 Jul 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/events-calendar-for-google/wordpress-events-calendar-for-google-plugin-2-1-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38734 – WordPress Import Spreadsheets from Microsoft Excel plugin <= 10.1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-38734
11 Jul 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/import-spreadsheets-from-microsoft-excel/wordpress-import-spreadsheets-from-microsoft-excel-plugin-10-1-4-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 355EXPL: 0CVE-2024-36435
https://notcve.org/view.php?id=CVE-2024-36435
11 Jul 2024 — An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC. • https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Jul_2024 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38709 – WordPress GD Rating System plugin <= 3.6 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38709
11 Jul 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/gd-rating-system/wordpress-gd-rating-system-plugin-3-6-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38735 – WordPress Event post plugin <= 5.9.5 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38735
11 Jul 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/event-post/wordpress-event-post-plugin-5-9-5-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •