CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Nov 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/contact-page-with-google-map/wordpress-contact-page-with-google-map-plugin-1-6-1-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-35: Path Traversal: '.../...//' • CWE-862: Missing Authorization •

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 1

18 Nov 2024 — Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. • https://github.com/fdzdev/CVE-2024-33231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

18 Nov 2024 — In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation. • https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 1

18 Nov 2024 — Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder • https://github.com/g3tsyst3m/CVE-2024-50804 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.4 • EPSS: 0% • CPEs: - • EXPL: 1

18 Nov 2024 — Cross-Site Scripting (XSS) in the "Rules" functionality in WorldServer 11.8.2 allows a remote authenticated attacker to execute arbitrary code. A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. • https://github.com/Wh1teSnak3/CVE-2024-50849 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

18 Nov 2024 — An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://binqqer.com/posts/CVE-2024-51053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Nov 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/opal-woo-custom-product-variation/wordpress-opal-woo-custom-product-variation-plugin-1-1-3-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-862: Missing Authorization •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Nov 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/ultimate-classified-listings/wordpress-ultimate-classified-listings-plugin-1-4-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Official pro coders nBlocks allows PHP Local File Inclusion. This issue affects nBlocks: from n/a through 1.0.2. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, o... • https://patchstack.com/database/vulnerability/nblocks/wordpress-nblocks-plugin-1-0-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

17 Nov 2024 — A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code. • https://bugzilla.redhat.com/show_bug.cgi?id=2239091 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •