CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48448
https://notcve.org/view.php?id=CVE-2024-48448
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page. • https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-48448 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-48450
https://notcve.org/view.php?id=CVE-2024-48450
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group. • https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-48450 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48655
https://notcve.org/view.php?id=CVE-2024-48655
An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file. • https://github.com/totaljs/cms/issues/49 https://medium.com/%400x0d0x0a/cve-2024-48655-server-side-javascript-code-injection-in-total-js-cms-c5fc18359bdc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-48743
https://notcve.org/view.php?id=CVE-2024-48743
Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter. • https://gist.github.com/rvismit/538232c3f258e468195febb69f3f2d3b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50473 – WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50473
The Ajar in5 Embed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.1.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/RandomRobbieBF/CVE-2024-50473 https://patchstack.com/database/vulnerability/ajar-productions-in5-embed/wordpress-ajar-in5-embed-plugin-3-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •