CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-9478
https://notcve.org/view.php?id=CVE-2018-9478
20 Nov 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-9472
https://notcve.org/view.php?id=CVE-2018-9472
20 Nov 2024 — This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11495 – Buffer overflow in OllyDbg
https://notcve.org/view.php?id=CVE-2024-11495
20 Nov 2024 — Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking. • https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-ollydbg • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48531
https://notcve.org/view.php?id=CVE-2024-48531
20 Nov 2024 — A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. • https://github.com/esoft-planner-cve/esoft_planner_cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48534
https://notcve.org/view.php?id=CVE-2024-48534
20 Nov 2024 — A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. • https://github.com/esoft-planner-cve/esoft_planner_cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10898 – Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-10898
20 Nov 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. • https://www.wordfence.com/threat-intel/vulnerabilities/id/d82efaa3-ea61-476c-ad1a-60585450c63a?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52765
https://notcve.org/view.php?id=CVE-2024-52765
20 Nov 2024 — H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. • http://tjr181.com/2024/11/08/H3C%20GR-1800AX • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52490 – WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52490
20 Nov 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/pathomation/vulnerability/wordpress-pathomation-plugin-2-5-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52496 – WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52496
20 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AbsolutePlugins Absolute Addons For Elementor allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through 1.0.14. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. T... • https://patchstack.com/database/wordpress/plugin/absolute-addons/vulnerability/wordpress-absolute-addons-for-elementor-plugin-1-0-14-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52497 – WordPress Shopready plugin <= 3.5 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52497
20 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready allows PHP Local File Inclusion.This issue affects Shopready: from n/a through 3.5. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain ... • https://patchstack.com/database/wordpress/plugin/shopready-elementor-addon/vulnerability/wordpress-shopready-plugin-3-5-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •