CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33658 – Buffer Overflow Vulnerability In OFBD
https://notcve.org/view.php?id=CVE-2024-33658
Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-11130 – ZZCMS msg.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11130
A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. • https://github.com/En0t5/vul/blob/main/zzcms-msg-xss.md https://vuldb.com/?ctiid.283976 https://vuldb.com/?id.283976 https://vuldb.com/?submit.439699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37365 – FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path
https://notcve.org/view.php?id=CVE-2024-37365
A remote code execution vulnerability exists in the affected product. ... Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1709.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10828 – Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details
https://notcve.org/view.php?id=CVE-2024-10828
The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/PHPExcel/Shared/XMLWriter.php#L83 https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/core/trait-woe-core-extractor.php#L996 https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c6eed6-7b3f-4b37-85f8-6613527daa54?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10629 – GPX Viewer <= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2024-10629
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/gpx-viewer/tags/2.2.9/gpx-viewer-admin.php#L144 https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc6ff21-52f5-453f-bf97-881c39be1aeb?source=cve • CWE-862: Missing Authorization •