CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-31013
https://notcve.org/view.php?id=CVE-2024-31013
Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, allow remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in footer_info parameter. • https://github.com/emlog/emlog/issues/291 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31232 – WordPress Rehub theme <= 19.6.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-31232
This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-25864
https://notcve.org/view.php?id=CVE-2024-25864
Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component. • https://github.com/friendica/friendica/issues/13877 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31011
https://notcve.org/view.php?id=CVE-2024-31011
Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. • https://github.com/ss122-0ss/beescms/blob/main/readme.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-26495
https://notcve.org/view.php?id=CVE-2024-26495
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function. • https://github.com/friendica/friendica/issues/13884 •