CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9707 – Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation
https://notcve.org/view.php?id=CVE-2024-9707
This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. • https://github.com/RandomRobbieBF/CVE-2024-9707 https://www.wordfence.com/threat-intel/vulnerabilities/id/9c101fca-037c-4bed-9dc7-baa021a8b59c?source=cve https://github.com/WordPressBugBounty/plugins-hunk-companion/blob/5a3cedc7b3d35d407b210e691c53c6cb400e4051/hunk-companion/import/app/app.php#L46 https://wordpress.org/plugins/hunk-companion https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3166501%40hunk-companion&new=3166501%40hunk-companion&sfp_email=&sfph_mail= • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-7037 – Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7037
This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution. • https://huntr.com/bounties/8508db68-9c99-4b1c-828c-e1bfcacfb847 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8015 – Telerik Report Server Insecure Type Resolution
https://notcve.org/view.php?id=CVE-2024-8015
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. • https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47422 – Adobe Framemaker | Untrusted Search Path (CWE-426)
https://notcve.org/view.php?id=CVE-2024-47422
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. ... This could allow the attacker to execute arbitrary code in the context of the current user. • https://helpx.adobe.com/security/products/framemaker/apsb24-82.html • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45142 – Substance3D - Stager | Write-what-where Condition (CWE-123)
https://notcve.org/view.php?id=CVE-2024-45142
Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html • CWE-123: Write-what-where Condition •