CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-43160 – WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-43160
Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6. The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /api/store_webp.php file in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/KTN1990/CVE-2024-43160 https://github.com/maybeheisenberg/PoC-for-CVE-2024-43160 https://patchstack.com/database/vulnerability/searchpro/wordpress-berqwp-plugin-1-7-6-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43128 – WordPress WooCommerce Product Table Lite plugin <= 3.5.1 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-43128
Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1. • https://patchstack.com/database/vulnerability/wc-product-table-lite/wordpress-woocommerce-product-table-lite-plugin-3-5-1-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42393 – Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-42393
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-5828 – EL Injection Vulnerability in Hitachi Tuning Manager
https://notcve.org/view.php?id=CVE-2024-5828
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00. Vulnerabilidad de inyección de lenguaje de expresión en Hitachi Tuning Manager en Windows, Linux y Solaris permite la inyección de código. Este problema afecta a Hitachi Tuning Manager: versiones anteriores a 8.8.7-00. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-140/index.html • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34344 – Remote code execution via the browser when running the test locally in nuxt
https://notcve.org/view.php?id=CVE-2024-34344
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in the remote code execution from the malicious web page. Since web pages can send requests to arbitrary addresses, a malicious web page can repeatedly try to exploit this vulnerability, which then triggers the exploit when the test server starts. • https://github.com/nuxt/nuxt/security/advisories/GHSA-v784-fjjh-f8r4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •