CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39015
https://notcve.org/view.php?id=CVE-2024-39015
01 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/7ab061d9eb901cc89652e7666ca3ef52 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38996
https://notcve.org/view.php?id=CVE-2024-38996
01 Jul 2024 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.1EPSS: 0%CPEs: 54EXPL: 96CVE-2024-6387 – Openssh: regresshion - race condition in ssh allows rce/dos
https://notcve.org/view.php?id=CVE-2024-6387
01 Jul 2024 — An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. ... A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. • https://github.com/prelearn-code/CVE-2024-6387 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39840
https://notcve.org/view.php?id=CVE-2024-39840
29 Jun 2024 — Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects. • https://memorycorruption.net/posts/rce-lua-factorio • CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-35139 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2024-35139
28 Jun 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-35137 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2024-35137
28 Jun 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-258: Empty Password in Configuration File •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39348
https://notcve.org/view.php?id=CVE-2024-39348
28 Jun 2024 — Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 • CWE-494: Download of Code Without Integrity Check •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37424 – WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-37424
28 Jun 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27629
https://notcve.org/view.php?id=CVE-2024-27629
28 Jun 2024 — An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are used. • https://github.com/rordenlab/dcm2niix/pull/789 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37410 – WordPress PowerPack Lite for Beaver Builder plugin <= 1.3.0.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37410
28 Jun 2024 — This makes it possible for authenticated attackers, with Editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/powerpack-addon-for-beaver-builder/wordpress-powerpack-lite-for-beaver-builder-plugin-1-3-0-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •