CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38370 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38370
27 Jun 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38368 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38368
27 Jun 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions CWE-863: Incorrect Authorization •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30997 – IBM Security Access Manager Docker privilege escalation
https://notcve.org/view.php?id=CVE-2023-30997
27 Jun 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30998 – IBM Security Access Manager Docker privilege escalation
https://notcve.org/view.php?id=CVE-2023-30998
27 Jun 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35260 – Microsoft Dataverse Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-35260
27 Jun 2024 — An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network. Vulnerabilidad de ejecución remota de código de Microsoft Dataverse An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35260 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36041 – Debian Security Advisory 5723-1
https://notcve.org/view.php?id=CVE-2024-36041
27 Jun 2024 — ., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory. ... Fabian Vogt discovered that the KDE session management server insufficiently restricted ICE connections from localhost, which could allow a local attacker to execute arbitrary code as another user on next boot. • https://github.com/KDE/plasma-workspace/tags • CWE-613: Insufficient Session Expiration •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39705
https://notcve.org/view.php?id=CVE-2024-39705
27 Jun 2024 — NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. • https://www.vicarius.io/vsociety/posts/rce-in-python-nltk-cve-2024-39705-39706 • CWE-300: Channel Accessible by Non-Endpoint CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39669
https://notcve.org/view.php?id=CVE-2024-39669
27 Jun 2024 — A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security. • https://bookstack.soffid.com/books/security-advisories/page/cve-2024-39669 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37268 – WordPress Striking theme <= 2.3.4 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37268
27 Jun 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/striking-r/wordpress-striking-theme-2-3-4-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6164 – Filter & Grids < 2.8.33 - Unauthenticated LFI
https://notcve.org/view.php?id=CVE-2024-6164
27 Jun 2024 — This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be upl... • https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •