CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8746 – File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload
https://notcve.org/view.php?id=CVE-2024-8746
This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/88f1eb9a-f3bb-4b62-975f-a6cb95850966?source=cve https://filemanagerpro.io • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-6519 – Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-6519
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the virtual LSI53C895A SCSI Host Bus Adapter. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://access.redhat.com/security/cve/CVE-2024-6519 https://bugzilla.redhat.com/show_bug.cgi?id=2292089 https://www.zerodayinitiative.com/advisories/ZDI-24-1382 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49291 – WordPress Cooked Pro plugin < 1.8.0 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49291
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/cooked-pro/wordpress-cooked-pro-plugin-1-8-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49314 – WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49314
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/jiangqie-free-mini-program/wordpress-jiangqie-free-mini-program-plugin-2-5-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.6EPSS: 0%CPEs: -EXPL: 0CVE-2023-31493
https://notcve.org/view.php?id=CVE-2023-31493
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system. • http://zoneminder.com https://medium.com/%40dk50u1/rce-remote-code-execution-in-zoneminder-up-to-1-36-33-0686f5bcd370 • CWE-94: Improper Control of Generation of Code ('Code Injection') •