CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51790 – WordPress HB AUDIO GALLERY plugin <= 3.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-51790
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/hb-audio-gallery/wordpress-hb-audio-gallery-plugin-3-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51791 – WordPress Forms plugin <= 2.8.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-51791
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/forms-by-made-it/wordpress-forms-plugin-2-8-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10626 – WooCommerce Support Ticket System <= 17.7 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-10626
This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://codecanyon.net/item/woocommerce-support-ticket-system/17930050 https://www.wordfence.com/threat-intel/vulnerabilities/id/eeb2c829-579f-41e2-ad5f-8e4fc125d980?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8424 – WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM
https://notcve.org/view.php?id=CVE-2024-8424
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00017 • CWE-269: Improper Privilege Management •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49524 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-49524
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •