CVE-2024-12550 – Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12550
11 Dec 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
CVE-2024-11947 – GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11947
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1670 • CWE-502: Deserialization of Untrusted Data
CVE-2024-12548 – Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12548
11 Dec 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
CVE-2024-11949 – GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11949
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1672 • CWE-502: Deserialization of Untrusted Data
CVE-2024-10124 – Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation
https://notcve.org/view.php?id=CVE-2024-10124
11 Dec 2024 — This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. • https://packetstorm.news/files/id/183151 • CWE-284: Improper Access Control
CVE-2024-12549 – Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12549
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2024-54370 – WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-54370
11 Dec 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/gallery-for-ultimate-member/vulnerability/wordpress-video-photo-gallery-for-ultimate-member-plugin-1-1-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-12551 – Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12551
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2024-54372 – WordPress Insertify plugin <= 1.1.4 - CSRF to Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-54372
11 Dec 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection. This issue affects Insertify: from n/a through 1.1.4. ... This makes it possible for unauthenticated attackers to execute remote code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/wordpress/plugin/insertify/vulnerability/wordpress-insertify-plugin-1-1-4-csrf-to-remote-code-execution-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-12547 – Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12547
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process.