
CVE-2024-27833 – Apple Safari B3 JIT Compiler Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-27833
10 Jun 2024 — Processing maliciously crafted web content may lead to arbitrary code execution. ... This flaw allows a remote attacker to perform arbitrary code execution when processing web content. • http://seclists.org/fulldisclosure/2024/Jun/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVE-2022-32897
https://notcve.org/view.php?id=CVE-2022-32897
10 Jun 2024 — Processing a maliciously crafted tiff file may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213345 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •

CVE-2024-37014
https://notcve.org/view.php?id=CVE-2024-37014
10 Jun 2024 — Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. • https://github.com/langflow-ai/langflow/issues/1973 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-36531
https://notcve.org/view.php?id=CVE-2024-36531
10 Jun 2024 — nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. • https://mat4mee.notion.site/Module-upload-in-nukeViet-leads-to-RCE-01ff3ff4c80d402d8c7c8a2b15a24c33 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-4577 – PHP-CGI OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-4577
09 Jun 2024 — PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. • https://packetstorm.news/files/id/179085 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-1880 – OS Command Injection in MacOS Text-To-Speech Class in significant-gravitas/autogpt
https://notcve.org/view.php?id=CVE-2024-1880
06 Jun 2024 — Specifically, the use of `os.system` to execute the `say` command with user-supplied text allows for arbitrary code execution if an attacker can inject shell commands. • https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-3095 – SSRF in Langchain Web Research Retriever in langchain-ai/langchain
https://notcve.org/view.php?id=CVE-2024-3095
06 Jun 2024 — This could potentially lead to arbitrary code execution, depending on the nature of the local services. • https://github.com/leoCottret/CVE-2024-30956 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-4320 – Remote Code Execution due to LFI in '/install_extension' in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4320
06 Jun 2024 — The vulnerability arises due to improper handling of the `name` parameter in the `ExtensionBuilder().build_extension()` method, which allows for local file inclusion (LFI) leading to arbitrary code execution. • https://github.com/bolkv/CVE-2024-4320 • CWE-29: Path Traversal: '\..\filename' •

CVE-2024-4889 – Code Injection in berriai/litellm
https://notcve.org/view.php?id=CVE-2024-4889
06 Jun 2024 — A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. • https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-35746 – WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-35746
06 Jun 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection. This issue affects BuddyPress Cover: from n/a through 2.1.4.2. The BuddyPress Cover plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation... • https://patchstack.com/database/vulnerability/bp-cover/wordpress-buddypress-cover-plugin-2-1-4-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •