Page 131 of 35138 results (0.080 seconds)

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. • https://cwe.mitre.org/data/definitions/95.html https://docs.sympy.org/latest/modules/codegen.html https://gist.github.com/12end/68c0c58d2564ef4141bccd4651480820#file-cve-2024-46946-txt https://github.com/langchain-ai/langchain/releases/tag/langchain-experimental%3D%3D0.3.0 • CWE-20: Improper Input Validation •

CVSS: 9.9EPSS: 3%CPEs: 1EXPL: 1

This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. • https://github.com/vidura2/CVE-2024-46986 https://codeql.github.com/codeql-query-help/ruby/rb-path-injection https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5 https://owasp.org/www-community/attacks/Path_Traversal https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0

A specially crafted EtherNet/IP request can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2005 • CWE-121: Stack-based Buffer Overflow •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. • https://github.com/assimp/assimp/releases/tag/v5.4.3 https://jvn.jp/en/jp/JVN42386607 • CWE-122: Heap-based Buffer Overflow •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component • https://github.com/xiaobye-ctf/My-CVE/tree/main/BTstack/CVE-2024-40568 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •