CVE-2024-28890 – Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-28890
If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://jvn.jp/en/jp/JVN50132400 https://wordpress.org/plugins/forminator https://wpmudev.com • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-30564
https://notcve.org/view.php?id=CVE-2024-30564
An issue in andrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method. • https://gist.github.com/mestrtee/5dc2c948c2057f98d3de0a9790903c6c https://github.com/andrei-tatar/nora-firebase-common/commit/bf30b75d51be04f6c1f884561a223226c890f01b • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2024-2961 – glibc: Out of bounds write in iconv may lead to remote code execution
https://notcve.org/view.php?id=CVE-2024-2961
This issue may allow an attacker to craft a malicious character sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad. • https://github.com/rvizx/CVE-2024-2961 https://github.com/tnishiox/cve-2024-2961 https://github.com/absolutedesignltd/iconvfix https://github.com/mattaperkins/FIX-CVE-2024-2961 http://www.openwall.com/lists/oss-security/2024/04/17/9 http://www.openwall.com/lists/oss-security/2024/04/18/4 http://www.openwall.com/lists/oss-security/2024/04/24/2 http://www.openwall.com/lists/oss-security/2024/05/27/1 http://www.openwall.com/lists/oss-security/2024/05/2 • CWE-787: Out-of-bounds Write •
CVE-2024-28073 – SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-28073
SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28073 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-5406
https://notcve.org/view.php?id=CVE-2023-5406
Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. • https://process.honeywell.com • CWE-787: Out-of-bounds Write •