CVSS: 7.0EPSS: %CPEs: -EXPL: 0CVE-2024-8025 – Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8025
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-48454
https://notcve.org/view.php?id=CVE-2024-48454
An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin? • https://github.com/N0zoM1z0/CVEs/blob/main/CVE-2024-48454.md https://www.sourcecodester.com https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48514
https://notcve.org/view.php?id=CVE-2024-48514
php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. • https://github.com/MaestroError/php-heic-to-jpg https://github.com/marcoris/CVEs/tree/master/CVE-2024-48514 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48423
https://notcve.org/view.php?id=CVE-2024-48423
An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library. • https://github.com/assimp/assimp/issues/5788 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50420 – WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50420
The aDirectory – Directory Listing WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/adirectory/wordpress-adirectory-plugin-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •