CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10913 – Clone <= 2.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialized_replace'
https://notcve.org/view.php?id=CVE-2024-10913
If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy//tags/2.4.6/lib/icit_srdb_replacer.php#L24 https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.4.7/lib/icit_srdb_replacer.php#L24 https://www.wordfence.com/threat-intel/vulnerabilities/id/16569267-ab52-4b96-86f0-d37c470a3938?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48069
https://notcve.org/view.php?id=CVE-2024-48069
A remote code execution (RCE) vulnerability in the component /inventory/doCptimpoptInventory of Weaver Ecology v9.* allows attackers to execute arbitrary code via injecting a crafted payload into the name of an uploaded file. • https://gist.github.com/CoinIsMoney/5dd555805e8f974630ced8a1df8182f1 https://github.com/stuven1989/TemporaryGuild/blob/main/guild2.md • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48694
https://notcve.org/view.php?id=CVE-2024-48694
File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component. • https://avd.aliyun.com/detail?id=AVD-2023-1678930 https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/32024c5dbb7ff60fa7347cccf6ebb3763a513e7a/docs/wiki/webapp/OfficeWeb365/OfficeWeb365%20SaveDraw%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md?plain=1#L24 https://github.com/Threekiii/Vulnerability-Wiki/blob/master/docs-base/docs/webapp/OfficeWeb365-SaveDraw-%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md https:/&# • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51743 – Arbitrary File Write leading up to remote code execution (instructor accounts)
https://notcve.org/view.php?id=CVE-2024-51743
This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. • https://github.com/MarkUsProject/Markus/pull/7026 https://github.com/MarkUsProject/Markus/security/advisories/GHSA-hwgg-qvjx-572x • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51499 – MarkUs Arbitrary File Write leading up to remote code execution (student accounts)
https://notcve.org/view.php?id=CVE-2024-51499
This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. • https://github.com/MarkUsProject/Markus/pull/7026 https://github.com/MarkUsProject/Markus/security/advisories/GHSA-j95p-7936-f75w • CWE-434: Unrestricted Upload of File with Dangerous Type •