CVE-2024-31574
https://notcve.org/view.php?id=CVE-2024-31574
Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script. • https://github.com/ysl1415926/cve/blob/main/CVE-2024-31574.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-32324
https://notcve.org/view.php?id=CVE-2024-32324
., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc program. • https://github.com/teamoever/CVE/blob/main/LBT-T300-T400.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-29660
https://notcve.org/view.php?id=CVE-2024-29660
Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component. • https://github.com/ysl1415926/cve/blob/main/DedeCMSv5.7.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-32358
https://notcve.org/view.php?id=CVE-2024-32358
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033. • https://gist.github.com/rootlili/a6b6c89591f4773857ae81b7ca5898bc https://www.wolai.com/catr00t/2LujDzjjcrAjUYpWtcusXD https://github.com/JPressProjects/jpress/releases/tag/v5.1.0 https://gitee.com/JPressProjects/jpress/releases/tag/v5.1.0 https://www.jpress.cn/download •
CVE-2024-3962 – Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file
https://notcve.org/view.php?id=CVE-2024-3962
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3075669/woocommerce-product-addon https://themeisle.com/plugins/ppom-pro https://www.wordfence.com/threat-intel/vulnerabilities/id/4f95bcc3-354e-4016-9a17-945569b076b6?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •