CVE-2024-4442 – Salon booking system <= 9.8 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-4442
This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. • https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/9.8/src/SLN/Action/Ajax/RemoveUploadedFile.php#L5 https://plugins.trac.wordpress.org/changeset/3088196/salon-booking-system#file14 https://www.wordfence.com/threat-intel/vulnerabilities/id/eaafeadd-f44c-49b1-b900-ef40800c629e?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5023 – Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE
https://notcve.org/view.php?id=CVE-2024-5023
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection. This issue affects ConsoleMe: before 1.4.0. • https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-002.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-48643
https://notcve.org/view.php?id=CVE-2023-48643
Shrubbery tac_plus 2.x, 3.x, and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. • https://github.com/takeshixx/tac_plus-pre-auth-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-3640 – Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables
https://notcve.org/view.php?id=CVE-2024-3640
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™, possibly resulting in remote code execution if exploited. • https://www.rockwellautomation.com/en-us/support/advisory.SD1671.html • CWE-428: Unquoted Search Path or Element •
CVE-2024-3551 – Penci Soledad Data Migrator <= 1.3.0 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-3551
This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://github.com/efekaanakkar/CVE-2024-35511 https://themeforest.net/item/soledad-multiconcept-blogmagazine-wp-theme/12945398 https://www.wordfence.com/threat-intel/vulnerabilities/id/a4f8df3a-f247-4365-a9f6-6124065b4883?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •