CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-9731 – Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9731
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10820 – WooCommerce Upload Files <= 84.3 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10820
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/woocommerce-upload-files/11442983 https://www.wordfence.com/threat-intel/vulnerabilities/id/b9371b37-53c5-4a4f-a500-c6d58d4d3c5a?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-28726
https://notcve.org/view.php?id=CVE-2024-28726
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function. • https://github.com/Mrnmap/mrnmap-cve https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-28726 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-11079 – Ansible-core: unsafe tagging bypass via hostvars object in ansible-core
https://notcve.org/view.php?id=CVE-2024-11079
This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. • https://access.redhat.com/security/cve/CVE-2024-11079 https://bugzilla.redhat.com/show_bug.cgi?id=2325171 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11078 – code-projects Job Recruitment register.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11078
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. ... In code-projects Job Recruitment 1.0 wurde eine Schwachstelle gefunden. • https://code-projects.org https://github.com/UnrealdDei/cve/blob/main/xss.md https://vuldb.com/? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •