CVE-2024-48042 – WordPress Contact Form by Supsystic plugin <= 1.7.28 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-48042
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28. La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un motor de plantillas en Supsystic Contact Form de Supsystic permite la inyección de comandos. Este problema afecta a Contact Form de Supsystic: desde n/a hasta 1.7.28. • https://patchstack.com/database/vulnerability/contact-form-by-supsystic/wordpress-contact-form-by-supsystic-plugin-1-7-28-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-49271 – WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.121 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-49271
: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows : Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121. : Vulnerabilidad de neutralización inadecuada de elementos especiales utilizados en un motor de plantillas en Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) permite: Inyección de comandos. Este problema afecta a Unlimited Elements For Elementor (Free Widgets, Addons, Templates): desde n/a hasta 1.5.121. • https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-free-widgets-addons-templates-plugin-1-5-121-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2023-32188 – JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-32188
This can lead to an RCE. ... Esto puede dar lugar a una RCE. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188 https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x • CWE-1270: Generation of Incorrect Security Tokens •
CVE-2024-45711 – SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-45711
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45711 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-48744
https://notcve.org/view.php?id=CVE-2024-48744
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter. • https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Teachers%20Record/Reflected%20XSS.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •