
CVE-2024-5602 – Stack-based Buffer Overflow Vulnerability in NI I/O Trace Tool
https://notcve.org/view.php?id=CVE-2024-5602
23 Jul 2024 — A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/stack-based-buffer-overflow-vulnerability-in-ni-io-trace-tool.html • CWE-121: Stack-based Buffer Overflow •

CVE-2024-26020
https://notcve.org/view.php?id=CVE-2024-26020
22 Jul 2024 — A specially crafted flashcard can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1993 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2024-21552
https://notcve.org/view.php?id=CVE-2024-21552
22 Jul 2024 — All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server. • https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49da201a18c58c/superagi/agent/output_handler.py#L149 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-38944
https://notcve.org/view.php?id=CVE-2024-38944
22 Jul 2024 — An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component. • https://gist.github.com/LemonSec/6aaea8320187a38e1a398fa321f12303 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-6950 – import code injection
https://notcve.org/view.php?id=CVE-2024-6950
21 Jul 2024 — The manipulation of the argument file leads to code injection. ... Manipulating the argument file with unknown data can be used to exploit a code injection vulnerability. • https://gist.github.com/J1rrY-learn/c5818d700476c4debcf8a334a5c9c243 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-6960 – H2O deserializes ML models without filtering, potentially allowing execution of malicious code
https://notcve.org/view.php?id=CVE-2024-6960
21 Jul 2024 — An attacker can construct a crafted Iced model that uses Java gadgets and leads to arbitrary code execution when imported to the H2O platform. • https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518 • CWE-502: Deserialization of Untrusted Data •

CVE-2024-6947 – Flute CMS Notification ContentParser.php replaceContent code injection
https://notcve.org/view.php?id=CVE-2024-6947
21 Jul 2024 — The manipulation leads to code injection. ... Manipulation with unknown data can be used to exploit a code injection vulnerability. • https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-6946 – Flute CMS list code injection
https://notcve.org/view.php?id=CVE-2024-6946
21 Jul 2024 — The manipulation of the argument blocks leads to code injection. ... Manipulating the argument blocks with unknown data can be used to exploit a code injection vulnerability. • https://github.com/DeepMountains/Mirage/blob/main/CVE5-2.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-6940 – DedeCMS article_template_rand.php code injection
https://notcve.org/view.php?id=CVE-2024-6940
21 Jul 2024 — The manipulation leads to code injection. ... Manipulation with unknown data can be used to exploit a code injection vulnerability. • https://gitee.com/fushuling/cve/blob/master/dedeCMS%20V5.7.114%20article_template_rand.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-6936 – formtools.org Form Tools Setting code injection
https://notcve.org/view.php?id=CVE-2024-6936
21 Jul 2024 — The manipulation of the argument Page Theme leads to code injection. ... Manipulating the argument Page Theme with unknown data can be used to exploit a code injection vulnerability. • https://github.com/DeepMountains/Mirage/blob/main/CVE2-2.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •