CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32599 – WordPress WP Dummy Content Generator plugin <= 3.2.1 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-32599
Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.2.1. ... The WP Dummy Content Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to 3.3.0 (exclusive). This makes it possible for unauthenticated attackers to execute code on the server. • https://patchstack.com/database/vulnerability/wp-dummy-content-generator/wordpress-wp-dummy-content-generator-plugin-3-2-1-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31680
https://notcve.org/view.php?id=CVE-2024-31680
IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php component. • https://github.com/heidashuai5588/cve/blob/main/upload.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-31784
https://notcve.org/view.php?id=CVE-2024-31784
An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component. • https://github.com/0x0fc/TyporaIframe/blob/main/TyporaIframeVuln.md • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23594
https://notcve.org/view.php?id=CVE-2024-23594
A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-48709 – iTop vulnerable to potential formula injection in Excel/CSV export file
https://notcve.org/view.php?id=CVE-2023-48709
As Excel 2016 does **not** prevent Remote Code Execution by default, uninformed users may become victims. • https://github.com/Combodo/iTop/commit/083a0b79bfa2c106735b5c10eddb35a05ec7f04a https://github.com/Combodo/iTop/commit/b10bcb976dfe8e55aa0f659bfbcdd18334a1b17c https://github.com/Combodo/iTop/security/advisories/GHSA-9q3x-9987-53x9 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •