CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52427 – WordPress Event Tickets with Ticket Scanner plugin <= 2.3.11 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-52427
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11. La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un motor de plantillas en Saso Nikolov Event Tickets con Ticket Scanner permite la inyección de Server Side Include (SSI). Este problema afecta a Event Tickets con Ticket Scanner: desde n/a hasta 2.3.11. The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.3.11. This makes it possible for authenticated attackers, with author-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/event-tickets-with-ticket-scanner/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49362 – Remote Code Execution on click of <a> Link in markdown preview
https://notcve.org/view.php?id=CVE-2024-49362
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution. • https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37285 – Kibana arbitrary code execution via YAML deserialization
https://notcve.org/view.php?id=CVE-2024-37285
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. • https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10979 – PostgreSQL PL/Perl environment variable changes execute arbitrary code
https://notcve.org/view.php?id=CVE-2024-10979
That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. • https://www.postgresql.org/support/security/CVE-2024-10979 • CWE-15: External Control of System or Configuration Setting •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5082 – Nexus Repository 2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-5082
A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. • https://support.sonatype.com/hc/en-us/articles/30694125380755 • CWE-94: Improper Control of Generation of Code ('Code Injection') •