CVE-2024-38736 – WordPress Realtyna Organic IDX plugin <= 4.14.13 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-38736
11 Jul 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-4-14-13-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-38704 – WordPress Team Manager plugin <= 2.1.12 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38704
11 Jul 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/wp-team-manager/wordpress-team-manager-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-38715 – WordPress ExS Widgets plugin <= 0.3.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38715
11 Jul 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/exs-widgets/wordpress-exs-widgets-plugin-0-3-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-37149 – GLPI allows remote code execution through the plugin loader
https://notcve.org/view.php?id=CVE-2024-37149
10 Jul 2024 — An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. • https://github.com/glpi-project/glpi/security/advisories/GHSA-cwvp-j887-m4xh • CWE-73: External Control of File Name or Path •
CVE-2024-5217 – ServiceNow Incomplete List of Disallowed Inputs Vulnerability
https://notcve.org/view.php?id=CVE-2024-5217
10 Jul 2024 — This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ... An unauthenticated user could exploit this vulnerability to execute code remotely. • https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning • CWE-184: Incomplete List of Disallowed Inputs •
CVE-2024-4879 – ServiceNow Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4879
10 Jul 2024 — This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ... An unauthenticated user could exploit this vulnerability to execute code remotely. • https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning • CWE-1287: Improper Validation of Specified Type of Input •
CVE-2024-39493 – crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
https://notcve.org/view.php?id=CVE-2024-39493
10 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7 •
CVE-2024-39492 – mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown
https://notcve.org/view.php?id=CVE-2024-39492
10 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/8afe816b0c9944a11adb12628e3b700a08a55d52 • CWE-252: Unchecked Return Value •
CVE-2024-39491 – ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance
https://notcve.org/view.php?id=CVE-2024-39491
10 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/73cfbfa9caea8eda54b4c6e49a9555533660aa1e •
CVE-2024-39490 – ipv6: sr: fix missing sk_buff release in seg6_input_core
https://notcve.org/view.php?id=CVE-2024-39490
10 Jul 2024 — This issue was introduced in commit af3b5158b89d ("ipv6: sr: fix BUG due to headroom too small after SRH push") and persists even after commit 7a3f5b0de364 ("netfilter: add netfilter hooks to SRv6 data plane"), where the entire seg6_input() code was refactored to deal with netfilter hooks. • https://git.kernel.org/stable/c/af3b5158b89d3bab9be881113417558c71b71ca4 • CWE-401: Missing Release of Memory after Effective Lifetime •