CVE-2024-51186
https://notcve.org/view.php?id=CVE-2024-51186
11 Nov 2024 — D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. • https://github.com/4hsien/CVE-vulns/blob/main/D-Link/DIR-820L/CI_ping_addr/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-51213
https://notcve.org/view.php?id=CVE-2024-51213
11 Nov 2024 — Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component. • https://github.com/Prabhatsk7/CVE/blob/main/CVE-2024-51213 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-52371 – WordPress Global Gateway e4 plugin <= 2.0 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-52371
11 Nov 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/globe-gateway-e4/wordpress-global-gateway-e4-plugin-2-0-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-52381 – WordPress ZIJ KART plugin <= 1.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52381
11 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART allows PHP Local File Inclusion. This issue affects ZIJ KART: from n/a through 1.1. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code <... • https://patchstack.com/database/vulnerability/zij-kart/wordpress-zij-kart-plugin-1-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-52386 – WordPress Classified Listing plugin <= 3.1.15.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-52386
11 Nov 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion. This issue affects Classified Listing: from n/a through 3.1.15.1. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code ... • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-52393 – WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-52393
11 Nov 2024 — The Podlove Podcast Publisher plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.1.15. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-15-admin-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-46951 – Ubuntu Security Notice USN-7138-1
https://notcve.org/view.php?id=CVE-2024-46951
10 Nov 2024 — An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. ... An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://bugs.ghostscript.com/show_bug.cgi?id=707991 • CWE-824: Access of Uninitialized Pointer •
CVE-2024-52004 – Remote code execution vulnerabilities in MediaCMS
https://notcve.org/view.php?id=CVE-2024-52004
08 Nov 2024 — MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. • https://github.com/mediacms-io/mediacms/blob/main/docs/admins_docs.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2024-10547 – WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10547
08 Nov 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/wp-membership/10066554 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-10470 – WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion
https://notcve.org/view.php?id=CVE-2024-10470
08 Nov 2024 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://github.com/RandomRobbieBF/CVE-2024-10470 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •