CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9418
https://notcve.org/view.php?id=CVE-2018-9418
02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. ... This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9413
https://notcve.org/view.php?id=CVE-2018-9413
02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. ... This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53992 – unzip-bot Allows Remote Code Execution (RCE) via archive extraction, password prompt, or video upload
https://notcve.org/view.php?id=CVE-2024-53992
02 Dec 2024 — unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a. unzip-bot es un bot de Telegram que extrae distintos tipos de archivos. Los usuarios podrían aprovechar las entradas no desinfectadas para inyectar comandos maliciosos que se ejecutan... • https://github.com/EDM115/unzip-bot/commit/5213b693eabb562842cdbf21c1074e91bfa00274 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8785 – WhatsUp Gold Registry Overwrite Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8785
02 Dec 2024 — In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46909 – WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-46909
02 Dec 2024 — In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress S... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 • CWE-16: Configuration CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-73: External Control of File Name or Path •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11391 – Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-11391
02 Dec 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3199242 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54214 – WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-54214
02 Dec 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/revy/vulnerability/wordpress-revy-plugin-1-18-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-53375 – TP-Link Archer Authenticated OS Command Injection
https://notcve.org/view.php?id=CVE-2024-53375
02 Dec 2024 — Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. ... Las vulnerabilidades de ejecución remota de código (RCE) autenticada afectan a los enrutadores de las series Archer, Deco y Tapo de TP-Link. ... An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. • https://packetstorm.news/files/id/183288 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51815 – WordPress s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin <= 241114 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-51815
02 Dec 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection.This issue affects s2Member Pro: from n/a through 241114. The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions (Pro) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 241114. This makes it possible for unauthenticated attackers... • https://patchstack.com/database/wordpress/plugin/s2member/vulnerability/wordpress-s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-plugin-241114-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11950 – XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11950
02 Dec 2024 — XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. ... An attacker can leverage this vulnerability to execute code in the context of the curren... • https://www.zerodayinitiative.com/advisories/ZDI-24-1640 • CWE-191: Integer Underflow (Wrap or Wraparound) •