CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36177
https://notcve.org/view.php?id=CVE-2023-36177
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API. Se descubrió un problema en badaix Snapcast versión 0.27.0, que permite a atacantes remotos ejecutar código arbitrario y obtener información confidencial a través de una solicitud manipulada en JSON-RPC-API. • http://snapcast.com https://oxnan.com/posts/Snapcast_jsonrpc_rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0605
https://notcve.org/view.php?id=CVE-2024-0605
This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. • https://bugzilla.mozilla.org/show_bug.cgi?id=1855575 https://www.mozilla.org/security/advisories/mfsa2024-03 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-23750
https://notcve.org/view.php?id=CVE-2024-23750
MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. MetaGPT hasta 0.6.4 permite que la función QaEngineer ejecute código arbitrario porque RunCode.run_script() pasa metacaracteres de shell al subproceso.Popen. • https://github.com/geekan/MetaGPT/issues/731 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0521 – Code Injection in paddlepaddle/paddle
https://notcve.org/view.php?id=CVE-2024-0521
Code Injection in paddlepaddle/paddle Inyección de código en paddlepaddle/paddle • https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0738 – 个人开源 mldong DecisionModel.java ExpressionEngine code injection
https://notcve.org/view.php?id=CVE-2024-0738
The manipulation leads to code injection. ... Mit der Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md https://vuldb.com/?ctiid.251561 https://vuldb.com/?id.251561 • CWE-94: Improper Control of Generation of Code ('Code Injection') •