CVE-2024-33752
https://notcve.org/view.php?id=CVE-2024-33752
An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that a remote attacker could exploit by submitting a special request to upload a malicious file and execute arbitrary code. • https://github.com/Myanemo/emlogpro/blob/main/emlog%20pro2.3.2%20File%20upload%20to%20getshell.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-34416 – WordPress Pk Favicon Manager plugin <= 2.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-34416
This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/phpsword-favicon-manager/wordpress-pk-favicon-manager-plugin-2-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-34072 – Deserialization of Untrusted Data in sagemaker-python-sdk
https://notcve.org/view.php?id=CVE-2024-34072
This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. • https://github.com/aws/sagemaker-python-sdk/pull/4557 https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-wjvx-jhpj-r54r • CWE-502: Deserialization of Untrusted Data •
CVE-2024-34073 – Command Injection in sagemaker-python-sdk
https://notcve.org/view.php?id=CVE-2024-34073
This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. • https://github.com/aws/sagemaker-python-sdk/commit/2d873d53f708ea570fc2e2a6974f8c3097fe9df5 https://github.com/aws/sagemaker-python-sdk/pull/4556 https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-7pc3-pr3q-58vg • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-51612 – Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51612
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-23-1913 • CWE-416: Use After Free •