CVE-2024-51142
https://notcve.org/view.php?id=CVE-2024-51142
Cross-site scripting (XSS) vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file. • https://infosecwriteups.com/chamilo-lms-authentication-bypass-and-cross-site-scripting-stored-3fcb874ac7c1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-51330
https://notcve.org/view.php?id=CVE-2024-51330
An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via the inter-process communication (IPC) mechanism between the Cura application and CuraEngine processes, localhost network stack, printing settings and G-code processing and transmission components, Ultimaker 3D Printers. • https://gist.github.com/HalaAli198/ff06d7a94c06cdfb821dec4d6303e01b •
CVE-2024-10728 – PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation
https://notcve.org/view.php?id=CVE-2024-10728
This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. • https://plugins.trac.wordpress.org/browser/ultimate-post/tags/4.1.16/classes/Importer.php#L94 https://plugins.trac.wordpress.org/browser/ultimate-post/tags/4.1.16/classes/Initialization.php#L330 https://plugins.trac.wordpress.org/changeset/3188636/ultimate-post/trunk/classes/Importer.php https://wordpress.org/plugins/ultimate-post https://www.wordfence.com/threat-intel/vulnerabilities/id/076f36fb-c2fb-43e0-a027-1351d3995489?source=cve • CWE-862: Missing Authorization •
CVE-2024-49592 – McAfee Total Protection Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-49592
The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the McAfee Direct Stub Installer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator. • https://www.mcafee.com/support/s/article/000002516?language=en_US •
CVE-2024-44625
https://notcve.org/view.php?id=CVE-2024-44625
Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go. • https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs https://gogs.io • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •