CVSS: 7.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-50804
https://notcve.org/view.php?id=CVE-2024-50804
18 Nov 2024 — Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder • https://github.com/g3tsyst3m/CVE-2024-50804 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 1CVE-2024-50849
https://notcve.org/view.php?id=CVE-2024-50849
18 Nov 2024 — Cross-Site Scripting (XSS) in the "Rules" functionality in WordServer 11.8.2 allows a remote authenticated attacker to execute arbitrary code. A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. • https://github.com/Wh1teSnak3/CVE-2024-50849 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51053
https://notcve.org/view.php?id=CVE-2024-51053
18 Nov 2024 — An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://binqqer.com/posts/CVE-2024-51053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52444 – WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-52444
18 Nov 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/opal-woo-custom-product-variation/wordpress-opal-woo-custom-product-variation-plugin-1-1-3-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52448 – WordPress Ultimate Classified Listings plugin <= 1.4 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52448
18 Nov 2024 — This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/ultimate-classified-listings/wordpress-ultimate-classified-listings-plugin-1-4-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52450 – WordPress nBlocks plugin <= 1.0.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52450
18 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Official pro coders nBlocks allows PHP Local File Inclusion.This issue affects nBlocks: from n/a through 1.0.2. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, o... • https://patchstack.com/database/vulnerability/nblocks/wordpress-nblocks-plugin-1-0-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-43091 – Gnome-maps: gnome maps is vulnerable to a code injection attack (similar to xss) via its service.json
https://notcve.org/view.php?id=CVE-2023-43091
17 Nov 2024 — A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code. • https://bugzilla.redhat.com/show_bug.cgi?id=2239091 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-52416 – WordPress Debug Tool plugin <= 2.2 - Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-52416
16 Nov 2024 — Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through 2.2. • https://patchstack.com/database/vulnerability/debug-tool/wordpress-debug-tool-plugin-2-2-remote-code-execution-vulnerability? • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 399EXPL: 0CVE-2022-20649 – Cisco Redundancy Configuration Manager Debug Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-20649
15 Nov 2024 — A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq • CWE-489: Active Debug Code •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9849 – 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin <= 4.6 - Authenticated (Author+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9849
15 Nov 2024 — This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. ... This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/real3d-flipbook-lite/tags/4.6/includes/plugin-admin.php#L77 • CWE-434: Unrestricted Upload of File with Dangerous Type •