CVE-2024-6298 remote code execution

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely...

CVE-2024-6298

CVE-2024-6298 affects ABB ASPECT Enterprise, NEXUS Series, and MATRIX Series up to firmware 3.08.01. The root cause is improper input validation in the uploadFile() handler (bigUpload.php), enabling directory traversal and remote code execution by writing arbitrary files. Exploitation has been de...

CVE-2024-5683

Improper Control of Generation of Code 'Code Injection' vulnerability in Next4Biz CRM & BPM Software Business Process Manangement BPM allows Remote Code Inclusion. This issue affects Business Process Manangement BPM: from 6.6.4.4 before 6.6.4.5...

CVE-2024-5683

Improper Control of Generation of Code 'Code Injection' vulnerability in Next4Biz CRM & BPM Software Business Process Manangement BPM allows Remote Code Inclusion. This issue affects Business Process Manangement BPM: from 6.6.4.4 before 6.6.4.5...

CVE-2024-5683

CVE-2024-5683 is an improper control of generation of code vulnerability in Next4Biz BPM software. Multiple connected records confirm the issue affects Next4Biz BPM/CRM with vulnerable versions: 6.6.4.4 prior to 6.6.4.5, indicating a flaw in code generation controls that can lead to remote code e...

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20...

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20...

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20...

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20...

CVE-2024-26289

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18...

CVE-2024-26289

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18...

CVE-2024-26289 Remote Code Inclusion Vulnerability in Multiple PMB Versions

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18...

CVE-2024-26289

The CVE-2024-26289 issue is a Deserialization of Untrusted Data vulnerability in PMB Services PMB that enables Remote Code Inclusion. Concrete details from connected documents: affected PMB versions are 7.3.1–7.3.18, 7.4.1–7.4.9, and 7.5.1–7.5.6-2. Root cause is deserialization of untrusted data....

PMB 安全漏洞

PMB is a 100% free document management reference tool from the PMB Services team. A security vulnerability exists in PMB Services that stems from the presence of an untrustworthy data deserialization vulnerability that allows remote code inclusion. The following versions are affected: versions...

CVE-2024-34434

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVE-2024-34434

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVE-2024-34434

CVE-2024-34434 is an Incorrect Authorization vulnerability in the WordPress MDTF (Meta Data and Taxonomies Filter) plugin. The issue affects MDTF versions from some unknown start until 1.3.3.2 and enables Code Inclusion/Arbitrary Shortcode Execution through a flawed authorization check. Red Hat’s...

CVE-2024-34434 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

PT-2024-25888 · WordPress · Wordpress Meta Data/Taxonomies Filter

Name of the Vulnerable Software and Affected Versions: WordPress Meta Data and Taxonomies Filter MDTF versions 1.3.3.2 and earlier Description: The issue is related to an Incorrect Authorization vulnerability, allowing Code Inclusion and Functionality Misuse. Recommendations: For WordPress Meta...

CVE-2024-2537 Electron Code Injection in Logi Tune macOS Application

Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion...