CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38736 – WordPress Realtyna Organic IDX plugin <= 4.14.13 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-38736
Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13. The Realtyna Organic IDX plugin + WPL Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.14.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-4-14-13-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38734 – WordPress Import Spreadsheets from Microsoft Excel plugin <= 10.1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-38734
Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4. The Import Spreadsheets from Microsoft Excel plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 10.1.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/import-spreadsheets-from-microsoft-excel/wordpress-import-spreadsheets-from-microsoft-excel-plugin-10-1-4-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32467
https://notcve.org/view.php?id=CVE-2023-32467
A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. • https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 • CWE-665: Improper Initialization •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32472
https://notcve.org/view.php?id=CVE-2023-32472
A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege. • https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-37770
https://notcve.org/view.php?id=CVE-2024-37770
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. Se descubrió que 14Finger v1.1 contenía una vulnerabilidad de ejecución remota de comandos (RCE) en la función de huellas dactilares. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante un payload manipulado. • https://github.com/k3ppf0r/CVE-2024-37770 https://github.com/b1ackc4t/14Finger/issues/13 • CWE-94: Improper Control of Generation of Code ('Code Injection') •