CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52406 – WordPress CSV to html plugin <= 3.04 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52406
13 Nov 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/csv-to-html/wordpress-csv-to-html-plugin-3-04-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52407 – WordPress BasePress Migration Tools plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52407
13 Nov 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/basepress-migration-tools/wordpress-basepress-migration-tools-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52408 – WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52408
13 Nov 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/push-notification-for-wp-by-pushassist/wordpress-push-notifications-for-wordpress-by-pushassist-plugin-3-0-8-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49515 – Substance3D - Painter | Untrusted Search Path (CWE-426)
https://notcve.org/view.php?id=CVE-2024-49515
12 Nov 2024 — Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. • https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html • CWE-426: Untrusted Search Path •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-8069 – Limited remote code execution with privilege of a NetworkService Account access
https://notcve.org/view.php?id=CVE-2024-8069
12 Nov 2024 — Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server • https://github.com/XiaomingX/cve-2024-8069-exp-Citrix-Virtual-Apps-XEN • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49050 – Visual Studio Code Python Extension Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49050
12 Nov 2024 — Visual Studio Code Python Extension Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49050 • CWE-501: Trust Boundary Violation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49048 – TorchGeo Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49048
12 Nov 2024 — TorchGeo Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49048 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49032 – Microsoft Office Graphics Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49032
12 Nov 2024 — Microsoft Office Graphics Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office PowerPoint. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49032 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49031 – Microsoft Office Graphics Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49031
12 Nov 2024 — Microsoft Office Graphics Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49031 • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49030 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49030
12 Nov 2024 — Microsoft Excel Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49030 • CWE-122: Heap-based Buffer Overflow •