CVSS: 6.3EPSS: %CPEs: -EXPL: 0CVE-2023-50738 – Lexmark CX331adwe Firmware Downgrade Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50738
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5348 – Elements For Elementor <= 2.1 - Authenticated (Contributor+) Local File Inclusion via Multiple Widget Attributes
https://notcve.org/view.php?id=CVE-2024-5348
This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/browser/nd-elements/trunk/widgets/beforeafter/index.php#L121 https://plugins.trac.wordpress.org/browser/nd-elements/trunk/widgets/eventsgrid/index.php#L113 https://plugins.trac.wordpress.org/browser/nd-elements/trunk/widgets/list/index.php#L401 https://plugins.trac.wordpress.org/browser/nd-elements/trunk/widgets/marquee/index.php#L200 https://plugins.trac.wordpress.org/browser/nd-elements/trunk/widgets/postgrid/index.php#L186 https://plugins.trac.wordpress.org/changeset • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-5511 – Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5511
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5304 – Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5304
Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-549 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5269 – Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5269
Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. ... An attacker can leverage this vulnerability to execute code in the context of root. ... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-545 • CWE-416: Use After Free •