
CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. • https://github.com/jianyan74/rageframe2/issues/111 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: - • EXPL: 0

Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. • https://hakaisecurity.io/error-404-your-security-not-found-tales-of-web-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.6 • EPSS: 0% • CPEs: - • EXPL: 1

An issue in GNU Savane v.3.13 and before allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. • https://github.com/ally-petitt/CVE-2024-29399 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise. • https://huntr.com/bounties/22f2355e-b875-4c01-b454-327e5951c018 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. • https://github.com/run-llama/llama_index/commit/5fbcb5a8b9f20f81b791c7fc8849e352613ab475 • https://huntr.com/bounties/1bce0d61-ad03-4b22-bc32-8f99f92974e7 • CWE-94: Improper Control of Generation of Code ('Code Injection')