CVE-2024-47649 – WordPress Iconize plugin <= 1.2.4 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-47649
Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize.This issue affects Iconize: from n/a through 1.2.4. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en THATplugin Iconize. Este problema afecta a Iconize: desde n/a hasta 1.2.4. The Iconize plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/iconize/wordpress-iconize-plugin-1-2-4-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-9324 – Intelbras InControl Relatório de Operadores Page operador code injection
https://notcve.org/view.php?id=CVE-2024-9324
The manipulation of the argument fields leads to code injection. ... Dank der Manipulation des Arguments fields mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://vuldb.com/?ctiid.278828 https://vuldb.com/?id.278828 https://vuldb.com/?submit.375614 https://youtu.be/UdZVktPUy8A • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-6983 – Remote Code Execution in mudler/localai
https://notcve.org/view.php?id=CVE-2024-6983
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the attacker gaining full control over the system. • https://huntr.com/bounties/f91fb287-412e-4c89-87df-9e4b6e609647 https://github.com/mudler/localai/commit/d02a0f6f01d5c4a926a2d67190cb55d7aca23b66 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-46489
https://notcve.org/view.php?id=CVE-2024-46489
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. • https://github.com/VulnSphere/LLMVulnSphere/blob/main/Prompt/promptr/RCE_FC_6.0.7.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-46461
https://notcve.org/view.php?id=CVE-2024-46461
If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges. • https://www.videolan.org/security/sb-vlc3021.html • CWE-122: Heap-based Buffer Overflow •