CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0605
https://notcve.org/view.php?id=CVE-2024-0605
This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. • https://bugzilla.mozilla.org/show_bug.cgi?id=1855575 https://www.mozilla.org/security/advisories/mfsa2024-03 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-23750
https://notcve.org/view.php?id=CVE-2024-23750
MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. MetaGPT hasta 0.6.4 permite que la función QaEngineer ejecute código arbitrario porque RunCode.run_script() pasa metacaracteres de shell al subproceso.Popen. • https://github.com/geekan/MetaGPT/issues/731 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0521 – Code Injection in paddlepaddle/paddle
https://notcve.org/view.php?id=CVE-2024-0521
Code Injection in paddlepaddle/paddle Inyección de código en paddlepaddle/paddle • https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0738 – 个人开源 mldong DecisionModel.java ExpressionEngine code injection
https://notcve.org/view.php?id=CVE-2024-0738
The manipulation leads to code injection. ... Mit der Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md https://vuldb.com/?ctiid.251561 https://vuldb.com/?id.251561 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50447 – pillow: Arbitrary Code Execution via the environment parameter
https://notcve.org/view.php?id=CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). ... The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter. • http://www.openwall.com/lists/oss-security/2024/01/20/1 https://devhub.checkmarx.com/cve-details/CVE-2023-50447 https://duartecsantos.github.io/2024-01-02-CVE-2023-50447 https://github.com/python-pillow/Pillow/releases https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html https://access.redhat.com/security/cve/CVE-2023-50447 https://bugzilla.redhat.com/show_bug.cgi?id=2259479 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •