CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-29208 – Ubiquiti Networks EV Station changeUserPassword Missing Authentication Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29208
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ubiquiti Networks EV Station. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09 • CWE-521: Weak Password Requirements •
CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-20863
https://notcve.org/view.php?id=CVE-2024-20863
Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=05 •
CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-20862
https://notcve.org/view.php?id=CVE-2024-20862
Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=05 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34552 – WordPress Stockholm theme <= 9.6 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-34552
This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/stockholm/wordpress-stockholm-theme-9-6-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33434
https://notcve.org/view.php?id=CVE-2024-33434
An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering. • https://gist.github.com/slimwang/d1ec6645ba9012a551ea436679244496 https://github.com/tiagorlampert/CHAOS/pull/95 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •