CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50531 – WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50531
The RSVPMaker for Toastmasters plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/rsvpmaker-for-toastmasters/wordpress-rsvpmaker-for-toastmasters-plugin-6-2-4-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-31972
https://notcve.org/view.php?id=CVE-2024-31972
EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution (under the context of the user's session) via the Wi-Fi SSID input fields. • https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-31972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-42041
https://notcve.org/view.php?id=CVE-2024-42041
The com.videodownload.browser.videodownloader (aka AppTool-Browser-Video All Video Downloader) application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component. • https://github.com/actuator/com.videodownload.browser.videodownloader/blob/main/CVE-2024-42041 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-48093
https://notcve.org/view.php?id=CVE-2024-48093
Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 allows a privileged user to achieve Remote Code Execution via uploading and executing malicious files without validating file extensions or content types. • https://github.com/yamerooo123/CVE/blob/main/CVE-2024-48093/Description.md https://youtu.be/rCYIohrQdxM • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48112
https://notcve.org/view.php?id=CVE-2024-48112
A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. • https://github.com/nn0nkey/nn0nkey/blob/main/Thinkphp/CVE-2024-48112.md https://github.com/top-think/think • CWE-502: Deserialization of Untrusted Data •