CVE-2024-9575 – Local File Inclusion in pretix-widget WordPress plugin
https://notcve.org/view.php?id=CVE-2024-9575
The vulnerability makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
• https://pretix.eu/about/en/blog/20241009-wordpress-plugin-1-0-6
• https://patchstack.com/database/vulnerability/pretix-widget/wordpress-pretix-widget-plugin-1-0-5-local-file-inclusion-vulnerability?_s_id=cve
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-73: External Control of File Name or Path
• CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
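The include-of-an-uploaded-"image" pattern described above, shown as an added PHP illustration of CWE-98/CWE-22 (this is not pretix-widget code; the shortcode attribute name, the template directory layout and the file names are assumptions). The vulnerable loader hands the attribute straight to include(); the hardened one maps it through an allowlist and, independently, checks the canonicalised path never leaves the template directory:

```php
<?php
declare(strict_types=1);

// Added illustration of CWE-98/CWE-22 in a shortcode-style template loader.
// NOT pretix-widget code: the "template" attribute, directory layout and
// file names are assumptions. Requires PHP 8+ (str_starts_with).

// VULNERABLE: the attribute reaches include() unchanged. A contributor who
// can upload an "image" and place a shortcode can point this at that file,
// e.g. template="../uploads/avatar.png", and PHP parses it as code.
function render_template_vulnerable(string $templateDir, string $template): string
{
    ob_start();
    include $templateDir . '/' . $template;
    return (string) ob_get_clean();
}

// HARDENED: map the attribute through a fixed allowlist and, independently,
// verify the canonicalised path is still inside $templateDir.
function render_template_safe(string $templateDir, string $template): string
{
    $allowed = ['default' => 'default.php', 'compact' => 'compact.php'];
    if (!isset($allowed[$template])) {
        throw new InvalidArgumentException("unknown template: $template");
    }

    $base = realpath($templateDir);
    $path = realpath($templateDir . '/' . $allowed[$template]);
    // realpath() collapses ".." and symlinks and returns false for a missing
    // file, so a prefix check on the result rejects any escape from $base.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('template resolved outside template dir');
    }

    ob_start();
    include $path;
    return (string) ob_get_clean();
}

// Self-contained demo: builds a scratch tree with a legitimate template and a
// "PNG" upload that is really PHP (constructed data, as an attacker would).
function demo(): void
{
    $root = sys_get_temp_dir() . '/lfi-demo-' . bin2hex(random_bytes(4));
    mkdir("$root/templates", 0700, true);
    mkdir("$root/uploads", 0700, true);
    file_put_contents("$root/templates/default.php", '<p>hello</p>');
    file_put_contents("$root/uploads/avatar.png", '<?php echo "code ran from upload"; ?>');

    // Vulnerable path: traversal out of templates/ into uploads/.
    echo render_template_vulnerable("$root/templates", '../uploads/avatar.png'), PHP_EOL;

    // Hardened path: the same attacker input is rejected before any include().
    try {
        render_template_safe("$root/templates", '../uploads/avatar.png');
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
    echo render_template_safe("$root/templates", 'default'), PHP_EOL;
}

demo();
```

The allowlist alone would be enough here; the realpath() prefix check is kept as a second, independent control so that a later change that builds the file name from user input (the usual way this class of bug is reintroduced) still cannot include anything outside the template directory.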
CVE-2024-47823 – Livewire Remote Code Execution (RCE) on File Uploads
https://notcve.org/view.php?id=CVE-2024-47823
If the following criteria are met, the attacker can carry out an RCE attack: 1. ... Webserver is configured to execute “.php” files.
• https://github.com/livewire/livewire/commit/70503b79f5db75a1eac9bf55826038a6ee5a16d5
• https://github.com/livewire/livewire/security/advisories/GHSA-f3cx-396f-7jqp
• https://github.com/livewire/livewire/pull/8624
• https://github.com/livewire/livewire/commit/cd168c6212ea13d13b82b3132485741f82d9fad9
• CWE-20: Improper Input Validation
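The upload-to-RCE condition above (a web server that executes ".php" files under the document root) as an added PHP example; this is not Livewire's code, and the paths, the extension/MIME table and the sample file contents are assumptions constructed for the demo. The vulnerable handler keeps the client-supplied name inside the webroot; the hardened one allowlists the extension, sniffs the bytes server-side, generates its own file name and stores the file where the server never executes from:

```php
<?php
declare(strict_types=1);

// Added example of upload handling where the web server executes ".php";
// NOT Livewire's code. Paths, the extension/MIME table and the PNG sample
// are assumptions constructed for the demo.

final class UploadRejected extends RuntimeException {}

// Extension allowlist paired with the MIME type the file *bytes* must match.
const UPLOAD_TYPES = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'pdf'  => 'application/pdf',
];

// VULNERABLE: keeps the client-supplied name and stores it under the
// document root. "shell.php" lands in a directory the server executes from.
function store_upload_vulnerable(string $tmpPath, string $clientName, string $webroot): string
{
    $dest = "$webroot/uploads/" . basename($clientName);
    if (!rename($tmpPath, $dest)) {
        throw new UploadRejected('move failed');
    }
    return $dest;
}

// HARDENED: allowlisted extension, content sniffed server-side, a random
// server-chosen file name, and storage outside the document root.
function store_upload_safe(string $tmpPath, string $clientName, string $storageDir): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(UPLOAD_TYPES[$ext])) {
        throw new UploadRejected("extension not allowed: .$ext");
    }

    // Sniff the bytes; the client-declared Content-Type is never consulted.
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($sniffed !== UPLOAD_TYPES[$ext]) {
        throw new UploadRejected("content $sniffed does not match .$ext");
    }

    // The stored name is generated here, so double extensions such as
    // "x.php.png" and other name tricks never reach the filesystem.
    $dest = $storageDir . '/' . bin2hex(random_bytes(16)) . ".$ext";
    if (!rename($tmpPath, $dest)) {   // real upload code: move_uploaded_file()
        throw new UploadRejected('move failed');
    }
    return $dest;
}

function demo(): void
{
    $root = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
    mkdir("$root/webroot/uploads", 0700, true);
    mkdir("$root/storage", 0700, true);

    // Constructed attacker upload: PHP code under a ".php" name.
    $shell = "$root/shell.tmp";
    file_put_contents($shell, '<?php system($_GET["c"]); ?>');
    echo 'vulnerable stored: ', store_upload_vulnerable($shell, 'shell.php', "$root/webroot"), PHP_EOL;

    // Same payload named "avatar.png": passes the extension check, but the
    // bytes do not sniff as image/png, so it is rejected.
    file_put_contents($shell, '<?php system($_GET["c"]); ?>');
    try {
        store_upload_safe($shell, 'avatar.png', "$root/storage");
    } catch (UploadRejected $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }

    // A minimal PNG signature (constructed) is accepted and stored under a
    // server-generated name outside the webroot.
    $png = "$root/png.tmp";
    file_put_contents($png, "\x89PNG\r\n\x1a\n");
    echo 'safe stored: ', store_upload_safe($png, 'avatar.png', "$root/storage"), PHP_EOL;
}

demo();
```

Storing outside the document root is the control that survives the other checks being wrong: a handler mapping such as Apache's AddHandler matching "php" anywhere in a name, or a server that also runs .phtml/.phar, cannot execute a file it is never asked to serve. Sniffing the bytes closes the gap where only the client-side extension was checked and the name is changed after that check.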
CVE-2024-43488 – Visual Studio Code extension for Arduino Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43488
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through a network attack vector.
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43488
• CWE-306: Missing Authentication for Critical Function
CVE-2024-43611 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43611
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43611
• CWE-20: Improper Input Validation
• CWE-122: Heap-based Buffer Overflow
CVE-2024-43599 – Remote Desktop Client Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43599
Remote Desktop Client Remote Code Execution Vulnerability
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43599
• CWE-416: Use After Free