CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35746 – WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-35746
Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/bp-cover/wordpress-buddypress-cover-plugin-2-1-4-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37289 – Trend Micro Apex One Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-37289
An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298063 https://www.zerodayinitiative.com/advisories/ZDI-24-577 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35677 – WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-35677
This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/stm-megamenu/wordpress-megamenu-plugin-2-3-12-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30374 – Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30374
Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-566 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5597 – Fuji Electric Monitouch V-SFT Type Confusion
https://notcve.org/view.php?id=CVE-2024-5597
Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •