CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-27448
https://notcve.org/view.php?id=CVE-2024-27448
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file. • https://gist.github.com/stypr/fe2003f00959f7e3d92ab9d5260433f8 https://github.com/Tim-Hoekstra/MailDev-2.1.0-Exploit-RCE https://github.com/maildev/maildev/issues/467 https://github.com/maildev/maildev/releases https://intrix.com.au/articles/exposing-major-security-flaw-in-maildev •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31240 – WordPress WP Poll Maker plugin <= 3.1 - Auth. Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-31240
This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files that may make remote code execution possible. • https://patchstack.com/database/vulnerability/epoll-wp-voting/wordpress-wp-poll-maker-plugin-3-1-subscriber-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30849
https://notcve.org/view.php?id=CVE-2024-30849
Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. • https://github.com/wkeyi0x1/vul-report/issues/3 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31300 – WordPress Easy Social Share Buttons plugin <= 9.4 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-31300
This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/easy-social-share-buttons3/wordpress-easy-social-share-buttons-plugin-9-4-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31286 – WordPress WP Photo Album Plus plugin < 8.6.03.005 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-31286
This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-6-03-005-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •