CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39001
https://notcve.org/view.php?id=CVE-2024-39001
01 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39013
https://notcve.org/view.php?id=CVE-2024-39013
01 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/a2be744675af5ece3240c19fd04fc5e1 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39853
https://notcve.org/view.php?id=CVE-2024-39853
01 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38992
https://notcve.org/view.php?id=CVE-2024-38992
01 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/10c88b9069229979ac7e52e0efc98055 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39016
https://notcve.org/view.php?id=CVE-2024-39016
01 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/865a957857a096221fe6f8b258b282ac • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38990
https://notcve.org/view.php?id=CVE-2024-38990
01 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/ae5f6b0d8f5d7de716e6af6d189b2169 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38994
https://notcve.org/view.php?id=CVE-2024-38994
01 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/02091aa86c6c14c29b9703642439dd03 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39014
https://notcve.org/view.php?id=CVE-2024-39014
01 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/0501db31c1a6864a169e47097f26ac57 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37464 – WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.5 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37464
01 Jul 2024 — This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/wpzoom-addons-for-beaver-builder/wordpress-beaver-builder-addons-by-wpzoom-plugin-1-3-5-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38991
https://notcve.org/view.php?id=CVE-2024-38991
01 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/8851413e3b33a96f191f0e9c81706532 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •