CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — This can lead to remote code execution (RCE) by installing the shellfs extension and executing malicious commands. • https://github.com/run-llama/llama_index/commit/35bd221e948e40458052d30c6ef2779bc965b6d0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — An attacker can exploit this vulnerability to perform arbitrary file writes, which can lead to remote code execution. • https://huntr.com/bounties/37afb1c9-bba9-47ee-8617-a5f715271654 • CWE-29: Path Traversal: '\..\filename'

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue, causing the victim's machine to execute arbitrary code. • https://huntr.com/bounties/00136195-11e0-4ad0-98d5-72db066e867f • CWE-502: Deserialization of Untrusted Data

CVSS: 9.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — This vulnerability can be exploited by an attacker to achieve remote code execution (RCE) on the application backend server, potentially gaining full control of the server. • https://huntr.com/bounties/9abb1617-0c1d-42c7-a647-d9d2b39c6866 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. ... This can lead to remote code execution by writing to sensitive files such as SSH keys, crontab files, or the application's own code. • https://huntr.com/bounties/1add2b26-460d-4aa5-8fda-ab045d153177 • CWE-475: Undefined Behavior for Input to API

CVSS: 9.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — SuperAGI is vulnerable to remote code execution in the latest version. • https://huntr.com/bounties/d710884f-b5ab-4b31-a2e6-e4b38488def1 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.4 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. • https://github.com/parisneo/lollms/commit/30e7eaba2ccfb751a81e7cb29fdef2ae8ffa6832 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.3 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — The function does not properly sanitize the `app_name` parameter, enabling an attacker to upload a malicious `server.py` file and execute arbitrary code by exploiting the path traversal vulnerability. • https://huntr.com/bounties/3cf80890-2d8a-4fc7-8e0e-6d4bf648b3ea • CWE-23: Relative Path Traversal

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. ... Additionally, the server processes incoming data using pickle deserialization via `pickle.loads()` on `connection.recv()`, making it vulnerable to remote code execution. • https://github.com/infiniflow/ragflow/commit/49494d4e3c8f06a5e52cf1f7cce9fa03cadcfbf6 • CWE-502: Deserialization of Untrusted Data

CVSS: 6.8 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — The vulnerability arises from the use of 'subprocess.Popen' to open files without proper validation, leading to potential remote code execution. • https://huntr.com/bounties/c70c6732-23b3-4ef8-aec6-0a47467d1ed5 • CWE-434: Unrestricted Upload of File with Dangerous Type