CVE-2024-46475
https://notcve.org/view.php?id=CVE-2024-46475
A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload. • https://blog.csdn.net/qq_45744104/article/details/141903463 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-9108 – Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9108
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wechat-social-login/trunk/includes/social/class-xh-social-wp-api.php?rev=2111074#L39 https://www.wordfence.com/threat-intel/vulnerabilities/id/06881386-3c92-426b-948d-58e8a8bee624?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-46511
https://notcve.org/view.php?id=CVE-2024-46511
LoadZilla LLC LoadLogic v1.4.3 was discovered to contain an insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction functions. • https://github.com/zolaer9527/serverless-app/security/advisories/GHSA-3ggq-wrf4-c88v • CWE-266: Incorrect Privilege Assignment
CVE-2024-47649 – WordPress Iconize plugin <= 1.2.4 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-47649
The Iconize plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.2.4. • https://patchstack.com/database/vulnerability/iconize/wordpress-iconize-plugin-1-2-4-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-6983 – Remote Code Execution in mudler/localai
https://notcve.org/view.php?id=CVE-2024-6983
mudler/localai version 2.17.1 is vulnerable to remote code execution. • https://huntr.com/bounties/f91fb287-412e-4c89-87df-9e4b6e609647 https://github.com/mudler/localai/commit/d02a0f6f01d5c4a926a2d67190cb55d7aca23b66 • CWE-94: Improper Control of Generation of Code ('Code Injection')