
CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server.
• https://github.com/OpenRefine/OpenRefine/commit/853a1d91662e7dc278a9a94a38be58de04494056
• https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-87cf-j763-vvh8
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

This makes it possible for authenticated attackers, with author-level access and above, to inject external entities and perform other attacks like SSRF and remote code execution in the proper configuration.
• https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-and-templates-plugin-1-3-980-xml-external-entity-xxe-vulnerability?_s_id=cve
• CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution.
• https://github.com/moneymanagerex/web-money-manager-ex/commit/f2850b295ee21bc299799343a3bc4d004d05651d
• https://github.com/moneymanagerex/web-money-manager-ex/issues/51
• https://github.com/moneymanagerex/web-money-manager-ex/releases/tag/v1.2.3
• https://youtu.be/JaOrlT9G3yo?t=88
• CWE-863: Incorrect Authorization

CVSS: 7.0 • EPSS: 0% • CPEs: - • EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. ... An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS: 7.2 • EPSS: 0% • CPEs: - • EXPL: 0

An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?
• https://github.com/N0zoM1z0/CVEs/blob/main/CVE-2024-48454.md
• https://www.sourcecodester.com
• https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
• CWE-434: Unrestricted Upload of File with Dangerous Type