CVE-2024-35677 – WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-35677
This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/stm-megamenu/wordpress-megamenu-plugin-2-3-12-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-30374 – Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30374
Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-566 • CWE-787: Out-of-bounds Write
CVE-2024-5597 – Fuji Electric Monitouch V-SFT Type Confusion
https://notcve.org/view.php?id=CVE-2024-5597
Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-30375 – Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30375
Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-565 • CWE-416: Use After Free
CVE-2024-30889
https://notcve.org/view.php?id=CVE-2024-30889
Cross-site scripting vulnerability in audimex audimexEE v.15.1.2, fixed in 15.1.3.9, allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, and payload parameters. • https://github.com/robymontyz/pocs/blob/main/AudimexEE/ReflectedXSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')