
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jul 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/woocommerce-openpos/wordpress-woocommerce-openpos-plugin-6-4-4-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Jul 2024 — SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://github.com/TThuyyy/cve1/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Jul 2024 — The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations. ... This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Jul 2024 — An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack. • https://github.com/AungSoePaing/CVE-2024-39069 • CWE-491: Public cloneable() Method Without Final ('Object Hijack')

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jul 2024 — SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. • https://github.com/TThuyyy/cve1/issues/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jul 2024 — Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter. • https://medium.com/%40geetmadan22/reflected-cross-site-scripting-on-academy-lms-learning-management-system-product-4ab04ef51022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.6 • EPSS: 0% • CPEs: 14 • EXPL: 0

08 Jul 2024 — If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. ... As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. ... Issues addressed include a code execution vulnerability. • http://www.openwall.com/lists/oss-security/2024/07/08/2 • CWE-364: Signal Handler Race Condition

CVSS: 8.3 • EPSS: 0% • CPEs: 3 • EXPL: 1

08 Jul 2024 — A specially crafted series of network requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1892 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 8.3 • EPSS: 0% • CPEs: 3 • EXPL: 1

08 Jul 2024 — A specially crafted series of network requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 8.3 • EPSS: 0% • CPEs: 3 • EXPL: 1

08 Jul 2024 — A specially crafted series of network requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write