CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-46964
https://notcve.org/view.php?id=CVE-2024-46964
The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component. • https://github.com/actuator/com.video.downloader.all/blob/main/CVE-2024-46964 https://play.google.com/store/apps/details?id=com.video.downloader.all • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-46965
https://notcve.org/view.php?id=CVE-2024-46965
The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component. • https://github.com/actuator/allvideo.downloader.browser/blob/main/CVE-2024-46965 https://play.google.com/store/apps/details?id=allvideo.downloader.browser • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-46966
https://notcve.org/view.php?id=CVE-2024-46966
The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component. • https://github.com/actuator/mn.ikhgur.khotoch/blob/main/CVE-2024-46966 https://play.google.com/store/apps/details?id=mn.ikhgur.khotoch • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52004 – Remote code execution vulnerabilities in MediaCMS
https://notcve.org/view.php?id=CVE-2024-52004
MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. • https://github.com/mediacms-io/mediacms/blob/main/docs/admins_docs.md https://github.com/mediacms-io/mediacms/security/advisories/GHSA-x3p4-4442-q2c3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10547 – WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10547
The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/wp-membership/10066554 https://www.wordfence.com/threat-intel/vulnerabilities/id/664e6e2a-faa1-4609-b250-d7e94c5d5a04?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •