CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-50965
https://notcve.org/view.php?id=CVE-2024-50965
Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script • https://openjournaltheme.com/urgent-critical-vulnerabilities-in-3-3-0-18-upgrade-your-ojs-now • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9660 – School Management <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9660
This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/school-management-system-for-wordpress/11470032 https://www.wordfence.com/threat-intel/vulnerabilities/id/1b36fc50-7573-466e-883e-8d26f243c4d0?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9659 – School Management <= 91.5.0 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9659
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/school-management-system-for-wordpress/11470032 https://www.wordfence.com/threat-intel/vulnerabilities/id/ff1f303f-17fc-4006-b21b-5846216995da?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52052 – Stream Target Remote Code Execution in Wowza Streaming Engine
https://notcve.org/view.php?id=CVE-2024-52052
Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution. • https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes • CWE-646: Reliance on File Name or Extension of Externally-Supplied File •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11320 – Command Injection leading to RCE via LDAP Misconfiguration
https://notcve.org/view.php?id=CVE-2024-11320
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •