CVE-2024-3136 – MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template
https://notcve.org/view.php?id=CVE-2024-3136
This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/helpers.php https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/templates.php https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-29375
https://notcve.org/view.php?id=CVE-2024-29375
CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters. • https://github.com/ismailcemunver/CVE-2024-29375
CVE-2024-29387
https://notcve.org/view.php?id=CVE-2024-29387
projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php. • https://cve.anas-cherni.me/2024/04/04/cve-2024-29387 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-0394 – Rapid7 Minerva Armor Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-0394
Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. • https://www.rapid7.com/blog/post/2024/04/03/cve-2024-0394-rapid7-minerva-armor-privilege-escalation-fixed • CWE-862: Missing Authorization
CVE-2024-31380 – WordPress Oxygen plugin <= 4.9 - Authenticated Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-31380
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. This issue affects Oxygen Builder: from n/a through 4.8.3. ... Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue. This issue affects Oxygen Builder: from n/a through 4.9. • https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-plugin-4-8-1-auth-remote-code-execution-rce-vulnerability?_s_id=cve https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1 • CWE-94: Improper Control of Generation of Code ('Code Injection')