CVSS: 7.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-50986
https://notcve.org/view.php?id=CVE-2024-50986
15 Nov 2024 — An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file. • https://github.com/riftsandroses/CVE-2024-50986 • CWE-426: Untrusted Search Path •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-51142
https://notcve.org/view.php?id=CVE-2024-51142
15 Nov 2024 — Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file. • https://infosecwriteups.com/chamilo-lms-authentication-bypass-and-cross-site-scripting-stored-3fcb874ac7c1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51330
https://notcve.org/view.php?id=CVE-2024-51330
15 Nov 2024 — An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication (IPC) mechanism between Cura application and CuraEngine processes, localhost network stack, printing settings and G-code processing and transmission components, Ultimaker 3D Printers. • https://gist.github.com/HalaAli198/ff06d7a94c06cdfb821dec4d6303e01b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52427 – WordPress Event Tickets with Ticket Scanner plugin <= 2.3.11 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-52427
15 Nov 2024 — The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.3.11. This makes it possible for authenticated attackers, with author-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/event-tickets-with-ticket-scanner/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52428 – WordPress Ads Booster by Ads Pro plugin <= 1.12 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52428
15 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, ... • https://patchstack.com/database/vulnerability/free-wp-booster-by-ads-pro/wordpress-ads-booster-by-ads-pro-plugin-1-12-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-52429 – WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-52429
15 Nov 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins and themes which can be leveraged to achieve remote code execution. • https://patchstack.com/database/vulnerability/wp-quick-setup/wordpress-wp-quick-setup-plugin-2-0-arbitrary-plugin-and-theme-installation-to-remote-code-execution-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52434 – WordPress Popup by Supsystic plugin <= 1.10.29 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-52434
15 Nov 2024 — The Popup by Supsystic plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.29. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/popup-by-supsystic/wordpress-popup-by-supsystic-plugin-1-10-29-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52308 – Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
https://notcve.org/view.php?id=CVE-2024-52308
14 Nov 2024 — The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. ... Developers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the [default devcontainer image]( https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-... • https://github.com/cli/cli/security/advisories/GHSA-p2h2-3vg9-4p87 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10397
https://notcve.org/view.php?id=CVE-2024-10397
14 Nov 2024 — A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. • https://openafs.org/pages/security/OPENAFS-SA-2024-003.txt • CWE-787: Out-of-bounds Write •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49362 – Remote Code Execution on click of <a> Link in markdown preview
https://notcve.org/view.php?id=CVE-2024-49362
14 Nov 2024 — Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. ... This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution. • https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •