CVE-2024-40086
https://notcve.org/view.php?id=CVE-2024-40086
A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length. • http://vilo.com https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40086.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-40089
https://notcve.org/view.php?id=CVE-2024-40089
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. • http://vilo.com https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40089.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-48659
https://notcve.org/view.php?id=CVE-2024-48659
An issue in DCME-320-L <= 9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. • https://gist.github.com/CLan-nad/a879f7696a58656b384c46bf4ba74e80 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-49652 – WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49652
The 3D Work In Progress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://patchstack.com/database/vulnerability/renee-work-in-progress/wordpress-3d-work-in-progress-plugin-1-0-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-49653 – WordPress Portfolleo plugin <= 1.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49653
The Portfolleo plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://patchstack.com/database/vulnerability/portfolleo/wordpress-portfolleo-plugin-1-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type