CVE-2023-45707 – HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45707
HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code.
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108427
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7261 – Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-7261
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
• https://issues.chromium.org/issues/40064602
• CWE-233: Improper Handling of Parameters
CVE-2024-36082 – Music Store - WordPress eCommerce <= 1.1.13 - Authenticated (Admin+) SQL Injection
https://notcve.org/view.php?id=CVE-2024-36082
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. ... The Music Store – WordPress eCommerce plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.1.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
• https://jvn.jp/en/jp/JVN79213252
• https://plugins.trac.wordpress.org/changeset?new=3085975%40music-store%2Ftrunk%2Fmusic-store.php&old=3079647%40music-store%2Ftrunk%2Fmusic-store.php
• https://wordpress.org/plugins/music-store
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36774
https://notcve.org/view.php?id=CVE-2024-36774
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
• https://github.com/OoLs5/VulDiscovery/blob/main/poc.docx
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-36840 – Boelter Blue System Management 1.3 SQL Injection
https://notcve.org/view.php?id=CVE-2024-36840
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php. ... Boelter Blue System Management version 1.3 suffers from a remote SQL injection vulnerability.
• http://seclists.org/fulldisclosure/2024/Jun/0
• https://infosec-db.github.io/CyberDepot/vuln_boelter_blue
• https://packetstormsecurity.com/files/178978/Boelter-Blue-System-Management-1.3-SQL-Injection.html
• https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US
• https://sploitus.com/exploit?id=PACKETSTORM:178978
• https://vuldb.com/?id.267594
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')