CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11150 – WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-11150
This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://codecanyon.net/item/user-extra-fields/12949844 https://www.wordfence.com/threat-intel/vulnerabilities/id/ad39d797-9230-41d9-a335-864845b56aa0?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-28726
https://notcve.org/view.php?id=CVE-2024-28726
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function. • https://github.com/Mrnmap/mrnmap-cve https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-28726 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28729
https://notcve.org/view.php?id=CVE-2024-28729
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. • https://github.com/Mrnmap/mrnmap-cve https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-28729 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6871 – G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6871
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of autostart tasks. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of autostart tasks. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1486 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9712 – Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9712
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. ... An attacker can leverage this vulnerability to execute code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1473 • CWE-416: Use After Free •