CVSS: 6.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-34831 – GibbonEdu Core 26.0.00 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-34831
cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. • https://github.com/enzored/CVE-2024-34831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-44676
https://notcve.org/view.php?id=CVE-2024-44676
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java. • https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md https://github.com/elunez/eladmin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39384 – Premiere Pro | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-39384
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. • https://helpx.adobe.com/security/products/premiere_pro/apsb24-58.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43760 – Photoshop Desktop | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-43760
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. • https://helpx.adobe.com/security/products/photoshop/apsb24-72.html • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7626 – WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) <= 1.6.9 - Improper Path Validation to Authenticated (Subscriber+) Arbitrary File Move and Read
https://notcve.org/view.php?id=CVE-2024-7626
This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). • https://www.wordfence.com/threat-intel/vulnerabilities/id/3c98bb53-9f7e-4ab3-9676-e3dbfb4a0519?source=cve https://plugins.trac.wordpress.org/browser/delicious-recipes/tags/1.6.7/src/dashboard/class-delicious-recipes-form-handler.php#L260 https://plugins.trac.wordpress.org/browser/delicious-recipes/tags/1.6.7/src/dashboard/class-delicious-recipes-form-handler.php#L355 https://plugins.trac.wordpress.org/changeset/3148996/delicious-recipes/trunk/src/dashboard/class-delicious-recipes-form-handler.php • CWE-73: External Control of File Name or Path •