CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33644 – WordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-33644
Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. ... The Customify Site Library plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.0.9. This makes it possible for unauthenticated attackers to execute code on the server. • https://patchstack.com/database/vulnerability/customify-sites/wordpress-customify-site-library-plugin-0-0-9-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.0EPSS: 0%CPEs: 267EXPL: 0CVE-2024-20359 – Cisco ASA and FTD Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20359
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. ... A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31616
https://notcve.org/view.php?id=CVE-2024-31616
An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file. • https://gist.github.com/Swind1er/0c50e72428059fb72a4fd4d31c43f883 • CWE-790: Improper Filtering of Special Elements •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23527 – Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23527
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. • https://www.ivanti.com/blog/security-update-for-ivanti-avalanche •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32657 – Hydra has persistent XSS vulnerability serving HTML build outputs
https://notcve.org/view.php?id=CVE-2024-32657
Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. • https://github.com/NixOS/hydra/commit/b72528be5074f3e62e9ae2c2ae8ef9c07a0b4dd3 https://github.com/NixOS/hydra/security/advisories/GHSA-2p75-6g9f-pqgx https://github.com/NixOS/nixpkgs/pull/306017 https://github.com/NixOS/nixpkgs/pull/306018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •