CVSS: 8.8EPSS: %CPEs: 1EXPL: 0CVE-2024-10898 – Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-10898
This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. • https://www.wordfence.com/threat-intel/vulnerabilities/id/d82efaa3-ea61-476c-ad1a-60585450c63a?source=cve https://plugins.trac.wordpress.org/browser/cf7-email-add-on/trunk/include/class-cf7-email.php#L110 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44307
https://notcve.org/view.php?id=CVE-2024-44307
An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/120911 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44306
https://notcve.org/view.php?id=CVE-2024-44306
An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/120911 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2018-9433
https://notcve.org/view.php?id=CVE-2018-9433
This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-07-01 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9365
https://notcve.org/view.php?id=CVE-2018-9365
In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-07-01 •