CVE-2024-46965
https://notcve.org/view.php?id=CVE-2024-46965
The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component.
References: https://github.com/actuator/allvideo.downloader.browser/blob/main/CVE-2024-46965 ; https://play.google.com/store/apps/details?id=allvideo.downloader.browser
Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-46966
https://notcve.org/view.php?id=CVE-2024-46966
The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.
References: https://github.com/actuator/mn.ikhgur.khotoch/blob/main/CVE-2024-46966 ; https://play.google.com/store/apps/details?id=mn.ikhgur.khotoch
Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-50636
https://notcve.org/view.php?id=CVE-2024-50636
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application.
References: https://github.com/schrodinger/pymol-open-source/issues/405 ; https://github.com/yamerooo123/CVE/blob/main/CVE-2024-50636/Description.md ; https://youtu.be/SWnN_a1tUNc
Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-52369 – WordPress KBucket plugin <= 4.1.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52369
The KBucket: Your Curated Content in WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
References: https://patchstack.com/database/vulnerability/kbucket/wordpress-kbucket-plugin-4-1-6-arbitrary-file-upload-vulnerability?
Weakness: CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-52370 – WordPress Hive Support – WordPress Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin <= 1.1.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52370
The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
References: https://patchstack.com/database/vulnerability/hive-support/wordpress-hive-support-wordpress-help-desk-live-chat-ai-chat-bot-plugin-for-wordpress-plugin-1-1-1-arbitrary-file-upload-vulnerability?
Weakness: CWE-434: Unrestricted Upload of File with Dangerous Type