CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-28722
https://notcve.org/view.php?id=CVE-2024-28722
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint Vulnerabilidad de Cross Site Scripting en Innovaphone myPBX v.14r1, v.13r3, v.12r2 permite a un atacante remoto ejecutar código arbitrario a través del parámetro de consulta en el endpoint /CMD0/xml_modes.xml • http://innovaphone.com http://mypbx.com https://wiki.innovaphone.com/index.php?title=Reference14r1:Release_Notes_Firmware#159317_-_Advanced_UI:_Prevent_XSL_injection • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-28717
https://notcve.org/view.php?id=CVE-2024-28717
An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. • https://bugs.launchpad.net/storlets/+bug/2047723 https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32954 – WordPress Newsletters plugin <= 4.9.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-32954
This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32809 – WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-32809
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/activedemand/wordpress-activedemand-plugin-0-2-41-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: -EPSS: 0%CPEs: -EXPL: 1CVE-2024-31666
https://notcve.org/view.php?id=CVE-2024-31666
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. • https://github.com/hapa3/CVE-2024-31666 https://github.com/hapa3/cms/blob/main/1.md •