
CVE-2024-46489
https://notcve.org/view.php?id=CVE-2024-46489
25 Sep 2024 — A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. • https://github.com/VulnSphere/LLMVulnSphere/blob/main/Prompt/promptr/RCE_FC_6.0.7.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-9123 – Debian Security Advisory 5775-1
https://notcve.org/view.php?id=CVE-2024-9123
24 Sep 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html • CWE-190: Integer Overflow or Wraparound; CWE-472: External Control of Assumed-Immutable Web Parameter •

CVE-2024-9122 – Debian Security Advisory 5775-1
https://notcve.org/view.php?id=CVE-2024-9122
24 Sep 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-9121 – Debian Security Advisory 5775-1
https://notcve.org/view.php?id=CVE-2024-9121
24 Sep 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html • CWE-787: Out-of-bounds Write •

CVE-2024-9120 – Debian Security Advisory 5775-1
https://notcve.org/view.php?id=CVE-2024-9120
24 Sep 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html • CWE-416: Use After Free •

CVE-2024-8481 – Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-8481
24 Sep 2024 — The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.4. This is due to ... • https://plugins.trac.wordpress.org/browser/wp-special-textboxes/trunk/stb-class.php#L36 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-44014 – WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability
https://notcve.org/view.php?id=CVE-2024-44014
24 Sep 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmaxstudio Vmax Project Manager allows PHP Local File Inclusion, Code Injection. This issue affects Vmax Project Manager: from n/a through 1.0. The Vmax Project Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code ... • https://patchstack.com/database/vulnerability/vmax-project-manager/wordpress-vmax-project-manager-plugin-1-0-local-file-inclusion-to-rce-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2024-0004
https://notcve.org/view.php?id=CVE-2024-0004
23 Sep 2024 — A condition exists in FlashArray Purity whereby a user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. • https://purestorage.com/security • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-40442
https://notcve.org/view.php?id=CVE-2024-40442
23 Sep 2024 — An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request. • https://github.com/doccano/doccano/releases/tag/v1.8.4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-8623 – MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-8623
23 Sep 2024 — The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/wp-meta-data-filter-and-taxonomy-filter/trunk/classes/page.php#L248 • CWE-94: Improper Control of Generation of Code ('Code Injection') •