CVE-2024-4936 – Canto <= 3.0.8 - Unauthenticated Remote File Inclusion
https://notcve.org/view.php?id=CVE-2024-4936
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. • https://plugins.trac.wordpress.org/browser/canto/trunk/includes/lib/sizes.php#L15 https://www.wordfence.com/threat-intel/vulnerabilities/id/95a68ae0-36da-499b-a09d-4c91db8aa338?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-2023 – Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload
https://notcve.org/view.php?id=CVE-2024-2023
The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server. • https://github.com/W01fh4cker/CVE-2024-27198-RCE https://github.com/dinosn/CVE-2024-20931 https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887 https://github.com/seajaysec/Ivanti-Connect-Around-Scan https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887 https://github.com/team890/CVE-2023-2024 https://github.com/actuator/yi https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped https://github.com/UnHackerEnCapital/PDFernetRemotelo https: • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-29169
https://notcve.org/view.php?id=CVE-2024-29169
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. • https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-29168
https://notcve.org/view.php?id=CVE-2024-29168
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. • https://www.dell.com/support/kbdoc/en-us/000225910/dsa-2024-181-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-20753 – Adobe Photoshop PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20753
An attacker could leverage this vulnerability to execute code in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb24-27.html • CWE-125: Out-of-bounds Read •