CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11581 – Luxion KeyShot JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11581
21 Nov 2024 — Luxion KeyShot JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacke... • https://download.keyshot.com/cert/ksa-655925/ksa-655925.pdf?version=1.0&_gl=1*1vzfrlf*_gcl_au*MTIxNTA2Njg4MS4xNzMxNTMwMjIx • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-9479
https://notcve.org/view.php?id=CVE-2018-9479
20 Nov 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-9478
https://notcve.org/view.php?id=CVE-2018-9478
20 Nov 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-9472
https://notcve.org/view.php?id=CVE-2018-9472
20 Nov 2024 — This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11495 – Buffer overflow in OllyDbg
https://notcve.org/view.php?id=CVE-2024-11495
20 Nov 2024 — Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking. • https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-ollydbg • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48531
https://notcve.org/view.php?id=CVE-2024-48531
20 Nov 2024 — A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. • https://github.com/esoft-planner-cve/esoft_planner_cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48534
https://notcve.org/view.php?id=CVE-2024-48534
20 Nov 2024 — A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. • https://github.com/esoft-planner-cve/esoft_planner_cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10898 – Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-10898
20 Nov 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. • https://www.wordfence.com/threat-intel/vulnerabilities/id/d82efaa3-ea61-476c-ad1a-60585450c63a?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52765
https://notcve.org/view.php?id=CVE-2024-52765
20 Nov 2024 — H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. • http://tjr181.com/2024/11/08/H3C%20GR-1800AX • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52490 – WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52490
20 Nov 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/pathomation/vulnerability/wordpress-pathomation-plugin-2-5-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •