CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50531 – WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50531
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/rsvpmaker-for-toastmasters/wordpress-rsvpmaker-for-toastmasters-plugin-6-2-4-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-48093
https://notcve.org/view.php?id=CVE-2024-48093
Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 allows a privileged user to achieve Remote Code Execution via uploading and executing malicious files without validating file extensions or content types. • https://github.com/yamerooo123/CVE/blob/main/CVE-2024-48093/Description.md https://youtu.be/rCYIohrQdxM • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48112
https://notcve.org/view.php?id=CVE-2024-48112
A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. • https://github.com/nn0nkey/nn0nkey/blob/main/Thinkphp/CVE-2024-48112.md https://github.com/top-think/think • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48214
https://notcve.org/view.php?id=CVE-2024-48214
By that, the attacker can execute arbitrary code on the camera. • https://medium.com/%40shenhavmor/exploiting-a-chinese-camera-for-fun-cve-2024-48214-2d56848870c2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48807
https://notcve.org/view.php?id=CVE-2024-48807
Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter. • https://medium.com/%40KrishnaChaganti/cross-site-scripting-xss-in-appointment-management-system-cve-2024-48807-0f7523be9fa2 https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •