CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

04 Nov 2024 — langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) because any component provides code functionality and the components run on the local machine rather than in a sandbox. • https://rumbling-slice-eb0.notion.site/There-is-a-Remote-Code-Execution-RCE-vulnerability-in-the-repository-https-github-com-langflow-a-105e3cda9e8c800fac92f1b571bd40d8 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

04 Nov 2024 — The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. • https://github.com/canyie/MagiskEoP • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

04 Nov 2024 — An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code by supplying a crafted XML file. • https://github.com/JAckLosingHeart/CVE-2024-51136-POC • CWE-91: XML Injection (aka Blind XPath Injection)

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

04 Nov 2024 — SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php. • https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51326%20-%20Union%20SQLi • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 1

04 Nov 2024 — A command injection vulnerability in the function shell.openExternal of Bruno IDE Desktop prior to version 1.29.0 allows attackers to execute arbitrary commands by supplying a crafted URL, leading to potential remote code execution. • https://packetstorm.news/files/id/188714 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 Nov 2024 — qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. • https://sharpsec.run/rce-vulnerability-in-qbittorrent • CWE-295: Improper Certificate Validation

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Nov 2024 — Cross Site Scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitrary code via login.php. • https://gist.github.com/Youns92/e7cd3f5d18ab089320f72c51fa3977de • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Nov 2024 — An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields. • https://github.com/Asadiqbal2/Vulnerabilities-Research/tree/main/CVE-2024-51377 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Nov 2024 — Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List, which is not sanitized. • https://en.fiberhome.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Nov 2024 — The Media Library Assistant plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.19. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/media-library-assistant/wordpress-media-library-assistant-plugin-3-19-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection')