CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-51326
https://notcve.org/view.php?id=CVE-2024-51326
SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php. • https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51326%20-%20Union%20SQLi https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10263 – Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-10263
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset/3179272/tickera-event-ticketing-system https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48050
https://notcve.org/view.php?id=CVE-2024-48050
Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands. • https://gist.github.com/AfterSnows/0ad9d233a9d2a5b7e6e5273e2e23508d https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Code-Execution-via-The-use-of-eval-in-is_callable_expression-and-sanitize_nod-cd4ea6c576da4e0b965ef596855c298d • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48061
https://notcve.org/view.php?id=CVE-2024-48061
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox. langflow <=1.0.18 es vulnerable a la ejecución remota de código (RCE), ya que cualquier componente proporciona la funcionalidad del código y los componentes se ejecutan en la máquina local en lugar de en un entorno aislado. • https://gist.github.com/AfterSnows/1e58257867002462923fd62dde2b5d61 https://rumbling-slice-eb0.notion.site/There-is-a-Remote-Code-Execution-RCE-vulnerability-in-the-repository-https-github-com-langflow-a-105e3cda9e8c800fac92f1b571bd40d8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51779 – WordPress Don't Break The Code plugin <= .3.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51779
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stranger Studios (WordCamp Philly) Don't Break The Code allows Reflected XSS.This issue affects Don't Break The Code: from n/a through .3.1. The Don't Break The Code plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, .3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/dont-break-the-code/wordpress-don-t-break-the-code-plugin-3-1-reflected-cross-site-scripting-xss-vulnerability? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •