CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23317
https://notcve.org/view.php?id=CVE-2024-23317
External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior. • https://security.gallagher.com/Security-Advisories/CVE-2024-23317 • CWE-73: External Control of File Name or Path •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38734 – WordPress Import Spreadsheets from Microsoft Excel plugin <= 10.1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-38734
Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4. The Import Spreadsheets from Microsoft Excel plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 10.1.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/import-spreadsheets-from-microsoft-excel/wordpress-import-spreadsheets-from-microsoft-excel-plugin-10-1-4-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38736 – WordPress Realtyna Organic IDX plugin <= 4.14.13 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-38736
Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13. The Realtyna Organic IDX plugin + WPL Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.14.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-4-14-13-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32467
https://notcve.org/view.php?id=CVE-2023-32467
A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. • https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 • CWE-665: Improper Initialization •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32472
https://notcve.org/view.php?id=CVE-2023-32472
A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege. • https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •