CVE-2024-8479 – Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-8479
The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/simple-spoiler/trunk/simple-spoiler.php#L108 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3151179%40simple-spoiler&new=3151179%40simple-spoiler&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/8ffc76d8-b841-4c26-bbc6-1f96664efe36?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-44430
https://notcve.org/view.php?id=CVE-2024-44430
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface • https://blog.csdn.net/samwbs/article/details/140954482 https://github.com/samwbs/kortexcve/blob/main/xss_register_case/XSS_register_case.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-8696 – A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
https://notcve.org/view.php?id=CVE-2024-8696
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. • https://docs.docker.com/desktop/release-notes/#4342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-8695 – A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
https://notcve.org/view.php?id=CVE-2024-8695
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. • https://docs.docker.com/desktop/release-notes/#4342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-6702
https://notcve.org/view.php?id=CVE-2024-6702
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. • https://support.pega.com/support-doc/pega-security-advisory-c24-vulnerability-remediation-note • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •