CVSS: 8.8EPSS: 55%CPEs: 1EXPL: 0CVE-2024-45507 – Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
https://notcve.org/view.php?id=CVE-2024-45507
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. Vulnerabilidad de Server-Side Request Forgery (SSRF) y control inadecuado de la generación de código ('inyección de código') en Apache OFBiz. Este problema afecta a Apache OFBiz: anterior a la versión 18.12.16. Se recomienda a los usuarios que actualicen a la versión 18.12.16, que soluciona el problema. • https://issues.apache.org/jira/browse/OFBIZ-13132 https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-34660
https://notcve.org/view.php?id=CVE-2024-34660
Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-34657
https://notcve.org/view.php?id=CVE-2024-34657
Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-34656
https://notcve.org/view.php?id=CVE-2024-34656
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7627 – Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition
https://notcve.org/view.php?id=CVE-2024-7627
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. • https://plugins.trac.wordpress.org/browser/file-manager/trunk/backend/app/Providers/FileEditValidator.php#L39 https://plugins.trac.wordpress.org/browser/file-manager/trunk/backend/app/Providers/FileEditValidator.php#L88 https://plugins.trac.wordpress.org/changeset/3138710 https://www.wordfence.com/threat-intel/vulnerabilities/id/5f29de7a-3f15-4b6d-aad7-6a08151e2113?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •