CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3229 – Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-3229
18 Jun 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3103584/salon-booking-system/trunk/src/SLN/Action/Ajax/ImportAssistants.php • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6147 – Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6147
18 Jun 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can leverage this vulnerability to escalate privileges and ... • https://www.zerodayinitiative.com/advisories/ZDI-24-802 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6144 – Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6144
18 Jun 2024 — Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. ... An attacker can leverage this vulnerability to execute code<... • https://www.zerodayinitiative.com/advisories/ZDI-24-807 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6154 – Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6154
18 Jun 2024 — An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. An attacker can leverage thi... • https://www.zerodayinitiative.com/advisories/ZDI-24-804 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5574 – WP Magazine Modules Lite <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-5574
18 Jun 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/browser/wp-magazine-modules-lite/trunk/includes/src/banner/element.php#L1363 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2023-39470 – PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-39470
18 Jun 2024 — PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. An attacke... • https://www.papercut.com/kb/Main/SecurityBulletinJune2023 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5853 – Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-5853
18 Jun 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3103410/sirv/trunk/sirv.php • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6132 – Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6132
18 Jun 2024 — This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wp-pexels-free-stock-photos/trunk/settings.php#L239 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6145 – Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6145
18 Jun 2024 — Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. ... An attacker can leverage this vulnerability to execute code in the context of the ... • https://www.zerodayinitiative.com/advisories/ZDI-24-808 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6153 – Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability
https://notcve.org/view.php?id=CVE-2024-6153
18 Jun 2024 — An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. An attacker can leverage this in co... • https://www.zerodayinitiative.com/advisories/ZDI-24-803 • CWE-693: Protection Mechanism Failure •