CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Jun 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-250: Execution with Unnecessary Privileges

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jun 2024 — Microsoft Dataverse Remote Code Execution Vulnerability. An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35260 • CWE-426: Untrusted Search Path

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Jun 2024 — ., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory. ... Fabian Vogt discovered that the KDE session management server insufficiently restricted ICE connections from localhost, which could allow a local attacker to execute arbitrary code as another user on next boot. • https://github.com/KDE/plasma-workspace/tags • CWE-613: Insufficient Session Expiration

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Jun 2024 — NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. • https://www.vicarius.io/vsociety/posts/rce-in-python-nltk-cve-2024-39705-39706 • CWE-300: Channel Accessible by Non-Endpoint • CWE-502: Deserialization of Untrusted Data

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jun 2024 — A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security. • https://bookstack.soffid.com/books/security-advisories/page/cve-2024-39669 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jun 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/striking-r/wordpress-striking-theme-2-3-4-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Jun 2024 — This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be upl... • https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Jun 2024 — Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious request, resulting in the ability to execute system commands with root privileges. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-779: Logging of Excessive Data

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Jun 2024 — Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent which allows an attacker with administrative access to the Endpoint Protector or Unify server to overwrite sensitive configuration and subsequently execute system commands with SYSTEM/root privileges on a chosen client endpoint. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')