CVE-2024-4454 – WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4454
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-491 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-30279 – ZDI-CAN-22887: Adobe Acrobat Reader DC JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30279
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/acrobat/apsb24-29.html • CWE-787: Out-of-bounds Write •
CVE-2024-4662 – Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-4662
The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. ... This makes it possible for lower privileged users, such as contributors, to inject arbitrary PHP code via the WordPress user interface and gain elevated privileges. • https://oxygenbuilder.com/oxygen-4-8-3-now-available-security-update https://www.wordfence.com/threat-intel/vulnerabilities/id/8706c3f6-64e0-440e-a802-5c80d9cc3643?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-5084 – Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-5084
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/hash-form/hash-form-drag-drop-form-builder-110-unauthenticated-arbitrary-file-upload-to-remote-code-execution • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-21683 – Atlassian Confluence Administrator Code Macro Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-21683
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. ... This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. • https://github.com/W01fh4cker/CVE-2024-21683-RCE https://github.com/xh4vm/CVE-2024-21683 https://github.com/r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server https://github.com/phucrio/CVE-2024-21683-RCE https://confluence.atlassian.com/pages/viewpage.action? •