CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-25864
https://notcve.org/view.php?id=CVE-2024-25864
Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component. • https://github.com/friendica/friendica/issues/13877 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31011
https://notcve.org/view.php?id=CVE-2024-31011
Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. • https://github.com/ss122-0ss/beescms/blob/main/readme.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-26495
https://notcve.org/view.php?id=CVE-2024-26495
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function. • https://github.com/friendica/friendica/issues/13884 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-30998
https://notcve.org/view.php?id=CVE-2024-30998
SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component. • https://github.com/efekaanakkar/CVE-2024-30998 https://github.com/efekaanakkar/CVEs/blob/main/PHPGurukul-Men-Salon-Management-System-2.0.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31231 – WordPress Rehub theme <= 19.6.1 - Unauthenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-31231
This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •