CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37061
https://notcve.org/view.php?id=CVE-2024-37061
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run. La ejecución remota de código puede ocurrir en versiones de la plataforma MLflow que ejecutan la versión 1.11.0 o posterior, lo que permite que un proyecto ML creado con fines malintencionados ejecute código arbitrario en el sistema de un usuario final cuando se ejecuta. • https://hiddenlayer.com/sai-security-advisory/mlflow-june2024 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-20881
https://notcve.org/view.php?id=CVE-2024-20881
Improper input validation vulnerability in chnactiv TA prior to SMR Jun-2024 Release 1 allows local privileged attackers lead to potential arbitrary code execution. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06 •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-36569
https://notcve.org/view.php?id=CVE-2024-36569
Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php. • https://github.com/debug601/bug_report/blob/main/vendors/mayuri_k/gas-agency-management-system/RCE-1.md • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36568
https://notcve.org/view.php?id=CVE-2024-36568
Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=. Sourcecodester Gas Agency Management System v1.0 es vulnerable a la inyección SQL a través de /gasmark/editbrand.php?id=. • https://github.com/debug601/bug_report/blob/main/vendors/mayuri_k/gas-agency-management-system/SQL-1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36120 – javascript-deobfuscator crafted payload can lead to code execution
https://notcve.org/view.php?id=CVE-2024-36120
javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature. javascript-deobfuscator elimina técnicas comunes de ofuscación de JavaScript. • https://github.com/ben-sb/javascript-deobfuscator/commit/630d3caec83d5f31c5f7a07e6fadf613d06699d6 https://github.com/ben-sb/javascript-deobfuscator/security/advisories/GHSA-9p6p-8v9r-8c9m • CWE-94: Improper Control of Generation of Code ('Code Injection') •