CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-28515
https://notcve.org/view.php?id=CVE-2024-28515
Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of csapp,lab3/buflab-update.pl component. • https://github.com/heshi906/CVE-2024-28515 https://gist.github.com/heshi906/090b647a76981b8aa621e99fd6e1795d • CWE-125: Out-of-bounds Read •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-27705
https://notcve.org/view.php?id=CVE-2024-27705
Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint. • https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-27705 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3022 – BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-3022
This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution. • https://plugins.trac.wordpress.org/changeset/3061435/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_fileupload_class.php https://r0ot.notion.site/BookingPress-1-0-84-Authenticated-Administrator-Arbitrary-File-Upload-lead-to-RCE-e2603371c0c14d828144e26f2fdc1d01?pvs=4 https://www.wordfence.com/threat-intel/vulnerabilities/id/049ec264-3ed1-4741-937d-8a633ef0a627? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.7EPSS: 0%CPEs: -EXPL: 1CVE-2024-28589
https://notcve.org/view.php?id=CVE-2024-28589
An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization. • https://github.com/Alaatk/CVE-2024-28589 https://www.axigen.com/knowledgebase/Local-Privilege-Escalation-Vulnerability-on-Axigen-for-Windows-CVE-2024-28589-_402.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-31008
https://notcve.org/view.php?id=CVE-2024-31008
An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file. • https://github.com/majic-banana/vulnerability/blob/main/POC/WUZHICMS4.1.0-Captcha%20bypass%20%28logic%20vulnerability%29.md • CWE-290: Authentication Bypass by Spoofing •