CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52498 – WordPress SP Blog Designer plugin <= 1.0.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52498
20 Nov 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/wordpress/plugin/sp-blog-designer/vulnerability/wordpress-sp-blog-designer-plugin-1-0-0-local-file-inclusion-vulnerability?_s_id=cve • .//' CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52499 – WordPress Pricing table addon for elementor plugin <= 1.0.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52499
20 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kardi Pricing table addon for elementor allows PHP Local File Inclusion.This issue affects Pricing table addon for elementor: from n/a through 1.0.0. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This ca... • https://patchstack.com/database/wordpress/plugin/pricing-table-addon-for-elementor/vulnerability/wordpress-pricing-table-addon-for-elementor-plugin-1-0-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52501 – WordPress Office Locator plugin <= 1.3.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52501
20 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webbytemplate Office Locator.This issue affects Office Locator: from n/a through 1.3.0. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or... • https://patchstack.com/database/wordpress/plugin/office-locator/vulnerability/wordpress-office-locator-plugin-1-2-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-52725
https://notcve.org/view.php?id=CVE-2024-52725
20 Nov 2024 — SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component. • http://semcms.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-52739
https://notcve.org/view.php?id=CVE-2024-52739
20 Nov 2024 — D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. • https://github.com/faqiadegege/IoTVuln/blob/main/DI_8400_msp_info_htm_rce/detail.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-52769
https://notcve.org/view.php?id=CVE-2024-52769
20 Nov 2024 — An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://co-a1natas.feishu.cn/docx/Zsd9dnGUvoBW6tx0G5fcVx6vnBb • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-52770
https://notcve.org/view.php?id=CVE-2024-52770
20 Nov 2024 — An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://co-a1natas.feishu.cn/docx/Zsd9dnGUvoBW6tx0G5fcVx6vnBb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11477 – 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11477
20 Nov 2024 — 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker can leverag... • https://github.com/TheN00bBuilder/cve-2024-11477-writeup • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44307
https://notcve.org/view.php?id=CVE-2024-44307
19 Nov 2024 — An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/120911 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44306
https://notcve.org/view.php?id=CVE-2024-44306
19 Nov 2024 — An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/120911 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •