CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-9701 – Remote Code Execution in kedro-org/kedro
https://notcve.org/view.php?id=CVE-2024-9701
20 Mar 2025 — A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). ... Crafting a malicious payload and storing it in the shelve file can lead to RCE when the payload is deserialized. • https://github.com/kedro-org/kedro/commit/d79fa51de55ac0ccb58cce1a482df1b445f0fe7c • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-12044 – Remote Code Execution by Pickle Deserialization in open-mmlab/mmdetection
https://notcve.org/view.php?id=CVE-2024-12044
20 Mar 2025 — A remote code execution vulnerability exists in open-mmlab/mmdetection version v3.3.0. ... This allows an attacker to execute arbitrary code by broadcasting a malicious payload to the distributed training network. • https://huntr.com/bounties/f7e4fc32-e167-49fb-9fc7-f092b9c27e8a • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-7033 – Arbitrary File Write in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7033
20 Mar 2025 — This can result in overwriting critical system or application files, causing denial of service, or potentially achieving remote code execution (RCE). RCE can allow an attacker to execute malicious code with the privileges of the user running the application, leading to a full system compromise. • https://huntr.com/bounties/7078261f-8414-4bb7-9d72-a2a4d8bfd5d1 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-10190 – Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod
https://notcve.org/view.php?id=CVE-2024-10190
20 Mar 2025 — Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. • https://huntr.com/bounties/3e398d1f-70c2-4e05-ae22-f5d66b19a754 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-8060 – Remote Code Execution in OpenWebUI via Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8060
20 Mar 2025 — This can be exploited by an authenticated user to overwrite critical files within the Docker container, potentially leading to remote code execution as the root user. • https://huntr.com/bounties/a3b1a4b7-c723-496d-842c-844cc0988fe9 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-10901 – Arbitrary File Write via DuckDB SQL Injection in eosphoros-ai/db-gpt
https://notcve.org/view.php?id=CVE-2024-10901
20 Mar 2025 — This can potentially lead to Remote Code Execution (RCE) by writing malicious files such as `__init__.py` in the Python's `/site-packages/` directory. • https://huntr.com/bounties/db2c1d59-6e3a-4553-a1f6-94c8df162a18 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-8502 – Remote Code Execution via Deserialization in modelscope/agentscope
https://notcve.org/view.php?id=CVE-2024-8502
20 Mar 2025 — A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (RCE) via deserialization of untrusted data using the dill library. • https://huntr.com/bounties/7a42da2a-2ae5-442d-aff9-c9a3b47870eb • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-9053 – Remote Code Execution in vllm-project/vllm
https://notcve.org/view.php?id=CVE-2024-9053
20 Mar 2025 — This can result in remote code execution by deserializing malicious pickle data. • https://huntr.com/bounties/75a544f3-34a3-4da0-b5a3-1495cb031e09 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-10835 – Arbitrary File Write via SQL Injection in eosphoros-ai/db-gpt
https://notcve.org/view.php?id=CVE-2024-10835
20 Mar 2025 — This can potentially lead to Remote Code Execution (RCE). • https://huntr.com/bounties/e32fda74-ca83-431c-8de8-08274ba686c9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-9052 – Remote Code Execution by Pickle Deserialization in vllm-project/vllm
https://notcve.org/view.php?id=CVE-2024-9052
20 Mar 2025 — The function vllm.distributed.GroupCoordinator.recv_object() deserializes received object bytes using pickle.loads() without sanitization, leading to a remote code execution vulnerability. • https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8 • CWE-502: Deserialization of Untrusted Data •