
CVSS: 7.8 • EPSS: 0% • CPEs: 35 • EXPL: 0

02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code. • https://jungo.com/windriver/versions •

CVSS: 8.8 • EPSS: 0% • CPEs: 43 • EXPL: 0

02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS). • https://jungo.com/windriver/versions • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: 43 • EXPL: 0

02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. • https://jungo.com/windriver/versions • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: 43 • EXPL: 0

02 Jul 2024 — Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code. • https://jungo.com/windriver/versions •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Jul 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/lastudio-element-kit/wordpress-la-studio-element-kit-for-elementor-plugin-1-3-8-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 7.8 • EPSS: 0% • CPEs: 43 • EXPL: 0

02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code. • https://jungo.com/windriver/versions • CWE-269: Improper Privilege Management •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Jul 2024 — This lookup could be manipulated to also execute a command on the trunk server, effectively giving root access to the server and the infrastructure. ... This RCE triggered a full user-session reset, as an attacker could have used this method to write to any Podspec in trunk. trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. ... This RCE triggered a full user-session reset, as... • https://evasec.webflow.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods#2-remote-code-execution-on-the-cocoapods-trunk-server • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jul 2024 — A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ... A remote attacker could possibly use this issue to bypass authentication. ... A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. ... A remote attacker could possibly use this issue to obtain sensitive information, execute local scripts, or perform SSRF attac... • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference •

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

01 Jul 2024 — A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ... A remote attacker could possibly use this issue to bypass authentication. ... A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. ... A remote attacker could possibly use this issue to obtain sensitive information, execute local scripts, or perform SSRF attac... • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

01 Jul 2024 — A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ... A remote attacker could possibly use this issue to bypass authentication. ... A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. ... A remote attacker could possibly use this issue to obtain sensitive information, execute local scripts, or perform SSRF attac... • https://github.com/Abdurahmon3236/CVE-2024-38473 • CWE-116: Improper Encoding or Escaping of Output •