CVE-2024-32324
https://notcve.org/view.php?id=CVE-2024-32324
., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc program. • https://github.com/teamoever/CVE/blob/main/LBT-T300-T400.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-29660
https://notcve.org/view.php?id=CVE-2024-29660
Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. • https://github.com/ysl1415926/cve/blob/main/DedeCMSv5.7.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-32358
https://notcve.org/view.php?id=CVE-2024-32358
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033. • https://gist.github.com/rootlili/a6b6c89591f4773857ae81b7ca5898bc https://www.wolai.com/catr00t/2LujDzjjcrAjUYpWtcusXD https://github.com/JPressProjects/jpress/releases/tag/v5.1.0 https://gitee.com/JPressProjects/jpress/releases/tag/v5.1.0 https://www.jpress.cn/download •
CVE-2024-3962 – Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file
https://notcve.org/view.php?id=CVE-2024-3962
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3075669/woocommerce-product-addon https://themeisle.com/plugins/ppom-pro https://www.wordfence.com/threat-intel/vulnerabilities/id/4f95bcc3-354e-4016-9a17-945569b076b6?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-33560 – WordPress XStore theme <= 9.3.8 - Unauthenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-33560
This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/xstore/wordpress-xstore-theme-9-3-5-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •