CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41251
https://notcve.org/view.php?id=CVE-2023-41251
08 Jul 2024 — A specially crafted series of HTTP requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1894 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-50244
https://notcve.org/view.php?id=CVE-2023-50244
08 Jul 2024 — A specially crafted series of HTTP requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1895 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-50243
https://notcve.org/view.php?id=CVE-2023-50243
08 Jul 2024 — A specially crafted series of HTTP requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1895 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-50330
https://notcve.org/view.php?id=CVE-2023-50330
08 Jul 2024 — A specially crafted series of HTTP requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1903 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-49867
https://notcve.org/view.php?id=CVE-2023-49867
08 Jul 2024 — A specially crafted series of HTTP requests can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1904 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27459
https://notcve.org/view.php?id=CVE-2024-27459
08 Jul 2024 — The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. • https://community.openvpn.net/openvpn/wiki/CVE-2024-27459 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6317 – Generate PDF using Contact Form 7 <= 4.0.6 - Cross-Site Request Forgery to Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-6317
08 Jul 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution poss... • https://plugins.trac.wordpress.org/browser/generate-pdf-using-contact-form-7/tags/4.0.6/inc/templates/cf7-pdf-generation.admin.html.php#L74 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6313 – Gutenberg Forms <= 2.2.9 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6313
08 Jul 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/forms-gutenberg/tags/2.2.9/Utils/Bucket.php#L19 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6123 – Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6123
08 Jul 2024 — This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. ... This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/bit-form/tags/2.12.2/includes/Admin/AdminAjax.php#L1176 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5441 – Modern Events Calendar <= 7.11.0 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-5441
08 Jul 2024 — This makes it possible for authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://webnus.net/modern-events-calendar • CWE-434: Unrestricted Upload of File with Dangerous Type •