CVE-2024-32809 – WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-32809
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/activedemand/wordpress-activedemand-plugin-0-2-41-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-31666
https://notcve.org/view.php?id=CVE-2024-31666
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. • https://github.com/hapa3/CVE-2024-31666 https://github.com/hapa3/cms/blob/main/1.md •
CVE-2024-32407
https://notcve.org/view.php?id=CVE-2024-32407
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. • https://book.hacktricks.xyz/v/jp/pentesting-web/ssti-server-side-template-injection https://cxsecurity.com/issue/WLB-2024040049 • CWE-918: Server-Side Request Forgery (SSRF) CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-31621 – Flowise 1.6.5 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-31621
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. • https://www.exploit-db.com/exploits/52001 https://flowiseai.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-29991 – Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-29991
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web security feature to execute arbitrary code on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29991 • CWE-94: Improper Control of Generation of Code ('Code Injection') •