CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10801 – WordPress User Extra Fields <= 16.5 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10801
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/user-extra-fields/12949844 https://www.wordfence.com/threat-intel/vulnerabilities/id/6a60e2c3-4597-4b21-ad20-6a00e483fcf1?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-39354 – Delta Electronics DIAScreen Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-39354
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02 https://www.deltaww.com/en-US/Cybersecurity_Advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-39605 – Delta Electronics DIAScreen Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-39605
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02 https://www.deltaww.com/en-US/Cybersecurity_Advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-47131 – Delta Electronics DIAScreen Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-47131
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02 https://www.deltaww.com/en-US/Cybersecurity_Advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-51152
https://notcve.org/view.php?id=CVE-2024-51152
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component. • https://co-a1natas.feishu.cn/docx/GuYjd2lDEoxNhVxPa9Yc1akknee • CWE-434: Unrestricted Upload of File with Dangerous Type •