CVE-2024-50450 – WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Bypass Vulnerability vulnerability
https://notcve.org/view.php?id=CVE-2024-50450
Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. • https://github.com/RandomRobbieBF/CVE-2024-50450 https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-4-bypass-vulnerability-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-48514
https://notcve.org/view.php?id=CVE-2024-48514
php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below. • https://github.com/MaestroError/php-heic-to-jpg https://github.com/marcoris/CVEs/tree/master/CVE-2024-48514 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-48963
https://notcve.org/view.php?id=CVE-2024-48963
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. • https://github.com/snyk/snyk-php-plugin/releases/tag/v1.10.0 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-48964
https://notcve.org/view.php?id=CVE-2024-48964
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. • https://github.com/snyk/snyk-gradle-plugin/commit/2f5ee7579f00660282dd161a0b79690f4a9c865d • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-20485
https://notcve.org/view.php?id=CVE-2024-20485
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a specific file when it is read from system flash memory. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-lce-vU3ekMJ3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •