CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-50986
https://notcve.org/view.php?id=CVE-2024-50986
An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file. • https://github.com/clementine-player/Clementine https://github.com/riftsandroses/CVE-2024-50986 https://www.clementine-player.org •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51141
https://notcve.org/view.php?id=CVE-2024-51141
An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components. • https://infosecwriteups.com/dll-hijacking-in-totolink-a600ub-driver-installer-13787c4d97b4 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-51142
https://notcve.org/view.php?id=CVE-2024-51142
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file. • https://infosecwriteups.com/chamilo-lms-authentication-bypass-and-cross-site-scripting-stored-3fcb874ac7c1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-51330
https://notcve.org/view.php?id=CVE-2024-51330
An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication (IPC) mechanism between Cura application and CuraEngine processes, localhost network stack, printing settings and G-code processing and transmission components, Ultimaker 3D Printers. • https://gist.github.com/HalaAli198/ff06d7a94c06cdfb821dec4d6303e01b •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10728 – PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation
https://notcve.org/view.php?id=CVE-2024-10728
This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. • https://plugins.trac.wordpress.org/browser/ultimate-post/tags/4.1.16/classes/Importer.php#L94 https://plugins.trac.wordpress.org/browser/ultimate-post/tags/4.1.16/classes/Initialization.php#L330 https://plugins.trac.wordpress.org/changeset/3188636/ultimate-post/trunk/classes/Importer.php https://wordpress.org/plugins/ultimate-post https://www.wordfence.com/threat-intel/vulnerabilities/id/076f36fb-c2fb-43e0-a027-1351d3995489?source=cve • CWE-862: Missing Authorization •