CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-10573 – Mpg123: buffer overflow when writing decoded pcm samples
https://notcve.org/view.php?id=CVE-2024-10573
Consequently, heap corruption may happen, and arbitrary code execution is not discarded. ... Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector. • https://access.redhat.com/security/cve/CVE-2024-10573 https://bugzilla.redhat.com/show_bug.cgi?id=2322980 https://mpg123.org/cgi-bin/news.cgi#2024-10-26 • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43383 – Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator
https://notcve.org/view.php?id=CVE-2024-43383
This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue. • https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39332
https://notcve.org/view.php?id=CVE-2024-39332
Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server. • https://herolab.usd.de/security-advisories/usd-2024-0008 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51582 – WordPress WP Hotel Booking plugin <= 2.1.4 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-51582
This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/wp-hotel-booking/wordpress-wp-hotel-booking-plugin-2-1-4-local-file-inclusion-vulnerability?_s_id=cve • .//' CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-52044
https://notcve.org/view.php?id=CVE-2023-52044
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension. • https://github.com/Studio-42/elFinder/issues/3615 • CWE-434: Unrestricted Upload of File with Dangerous Type •