CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-30998
https://notcve.org/view.php?id=CVE-2024-30998
SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component. • https://github.com/efekaanakkar/CVE-2024-30998 https://github.com/efekaanakkar/CVEs/blob/main/PHPGurukul-Men-Salon-Management-System-2.0.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31231 – WordPress Rehub theme <= 19.6.1 - Unauthenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-31231
This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31012
https://notcve.org/view.php?id=CVE-2024-31012
An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. • https://github.com/ss122-0ss/semcmsv4.8/blob/main/readme.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-29477
https://notcve.org/view.php?id=CVE-2024-29477
Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input. • http://dolibarr.com https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-29477.md •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-20849
https://notcve.org/view.php?id=CVE-2024-20849
Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=04 •