CVE-2024-29202 – JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery
https://notcve.org/view.php?id=CVE-2024-29202
Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-2vvr-vmvx-73ch • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-29201 – JumpServer's insecure Ansible playbook validation leads to RCE in Celery
https://notcve.org/view.php?id=CVE-2024-29201
Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-pjpp-cm9x-6rwj • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-31114 – WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-31114
This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/shortcode-addons/wordpress-shortcode-addons-3-2-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-31115 – WordPress Chauffeur Taxi Booking System for WordPress plugin <= 7.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-31115
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/chauffeur-booking-system/wordpress-chauffeur-taxi-booking-system-for-wordpress-plugin-6-9-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-31032
https://notcve.org/view.php?id=CVE-2024-31032
An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component. • https://github.com/walskt/CVE/blob/main/CVE-2024-31032/README.md • https://github.com/whgojp/cve-reports/blob/master/Huashi_Private_Cloud_CDN_Live_Streaming_Acceleration_Server_Has_RCE_Vulnerability/report.md • CWE-94: Improper Control of Generation of Code ('Code Injection')