CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33657 – Smm Callout in SmmComputrace Module
https://notcve.org/view.php?id=CVE-2024-33657
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024003.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7384 – AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function
https://notcve.org/view.php?id=CVE-2024-7384
This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/acymailing/trunk/back/libraries/wordpress/file.php#L47 https://plugins.trac.wordpress.org/changeset/3137644 https://plugins.trac.wordpress.org/changeset?old_path=%2Facymailing&old=3118953&new_path=%2Facymailing&new=3137644&sfp_email=&sfph_mail= https://wordpress.org/plugins/acymailing/#developers https://www.acymailing.com/changelog https://www.wordfence.com/threat-intel/vulnerabilities/id/0c747bc9-582c-4b9f-85a4-469c446d50f5?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-37008 – Stack-based Overflow Vulnerability in Revit Software
https://notcve.org/view.php?id=CVE-2024-37008
A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0013 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 2CVE-2024-6386 – WPML Multilingual CMS <= 4.6.12 - Authenticated(Contributor+) Remote Code Execution via Twig Server-Side Template Injection
https://notcve.org/view.php?id=CVE-2024-6386
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. ... The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. • https://github.com/realbotnet/CVE-2024-6386 https://github.com/argendo/CVE-2024-6386 https://sec.stealthcopter.com/wpml-rce-via-twig-ssti https://wpml.org https://www.wordfence.com/threat-intel/vulnerabilities/id/f7fc91cc-e529-4362-8269-bf7ee0766e1e? • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7013
https://notcve.org/view.php?id=CVE-2024-7013
Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. • https://industry.panasonic.com/jp/ja/products/fasys/plc/software/fpwinpro7 https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro • CWE-121: Stack-based Buffer Overflow •