CVE-2024-51329
https://notcve.org/view.php?id=CVE-2024-51329
A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. • https://github.com/idrsdev/agile-board/tree/main https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51329%20-%20Host%20Header%20Injection • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-10263 – Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-10263
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset/3179272/tickera-event-ticketing-system https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-48050
https://notcve.org/view.php?id=CVE-2024-48050
In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk, as it can directly execute user-provided commands. • https://gist.github.com/AfterSnows/0ad9d233a9d2a5b7e6e5273e2e23508d https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Code-Execution-via-The-use-of-eval-in-is_callable_expression-and-sanitize_nod-cd4ea6c576da4e0b965ef596855c298d • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-48061
https://notcve.org/view.php?id=CVE-2024-48061
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE), since any component can provide code functionality and components run on the local machine rather than in a sandbox. • https://gist.github.com/AfterSnows/1e58257867002462923fd62dde2b5d61 https://rumbling-slice-eb0.notion.site/There-is-a-Remote-Code-Execution-RCE-vulnerability-in-the-repository-https-github-com-langflow-a-105e3cda9e8c800fac92f1b571bd40d8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-47939
https://notcve.org/view.php?id=CVE-2024-47939
If this vulnerability is exploited, receiving a specially crafted request created and sent by an attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. • https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000011 https://jvn.jp/en/jp/JVN87770340 https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000011 • CWE-121: Stack-based Buffer Overflow •