Page 53 of 37406 results (0.079 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-8353 – GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection

https://notcve.org/view.php?id=CVE-2024-8353

The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. • https://github.com/maybeheisenberg/CVE-2024-8353 https://plugins.trac.wordpress.org/browser/give/tags/3.16.0/includes/process-donation.php#L154 https://plugins.trac.wordpress.org/changeset/3149290/give/tags/3.16.1/includes/admin/admin-actions.php https://plugins.trac.wordpress.org/changeset/3149290/give/tags/3.16.1/includes/process-donation.php https://plugins.trac.wordpress.org/changeset/3149290/give/tags/3.16.1/src/Helpers/Utils.php https://plugins.trac.wordpress.org/changeset/3157829 • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-33368

https://notcve.org/view.php?id=CVE-2024-33368

An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen • https://gist.github.com/apple502j/54e0f80bfe082fd934e33970394adbb8 https://github.com/plasmoapp/RPShare • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-46256

https://notcve.org/view.php?id=CVE-2024-46256

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. • https://github.com/NginxProxyManager/nginx-proxy-manager/blob/v2.11.3/backend/internal/certificate.js#L830 https://github.com/NginxProxyManager/nginx-proxy-manager/commit/99cce7e2b0da2978411cedd7cac5fffbe15bc466 https://github.com/barttran2k/POC_CVE-2024-46256 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0

CVE-2024-46257

https://notcve.org/view.php?id=CVE-2024-46257

A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. • https://github.com/NginxProxyManager/nginx-proxy-manager/blob/v2.11.3/backend/internal/certificate.js#L870 https://github.com/NginxProxyManager/nginx-proxy-manager/commit/99cce7e2b0da2978411cedd7cac5fffbe15bc466 https://github.com/barttran2k/POC_CVE-2024-46256 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-46441

https://notcve.org/view.php?id=CVE-2024-46441

An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). • https://github.com/kacins/YPay/issues/4 • CWE-434: Unrestricted Upload of File with Dangerous Type •