CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37365 – FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path
https://notcve.org/view.php?id=CVE-2024-37365
A remote code execution vulnerability exists in the affected product. ... Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1709.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10828 – Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details
https://notcve.org/view.php?id=CVE-2024-10828
The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/PHPExcel/Shared/XMLWriter.php#L83 https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/core/trait-woe-core-extractor.php#L996 https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c6eed6-7b3f-4b37-85f8-6613527daa54?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10629 – GPX Viewer <= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2024-10629
This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible. ... This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/gpx-viewer/tags/2.2.9/gpx-viewer-admin.php#L144 https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc6ff21-52f5-453f-bf97-881c39be1aeb?source=cve • CWE-862: Missing Authorization •
CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-50557
https://notcve.org/view.php?id=CVE-2024-50557
This could allow an unauthenticated remote attacker to execute arbitrary code on the device. • https://cert-portal.siemens.com/productcert/html/ssa-354112.html • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-47942
https://notcve.org/view.php?id=CVE-2024-47942
The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. • https://cert-portal.siemens.com/productcert/html/ssa-351178.html • CWE-427: Uncontrolled Search Path Element •