CVE-2024-6127 – BC Security Empire Path Traversal RCE
https://notcve.org/view.php?id=CVE-2024-6127
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. • https://aceresponder.com/blog/exploiting-empire-c2-framework https://github.com/ACE-Responder/Empire-C2-RCE-PoC https://github.com/BC-SECURITY/Empire/blob/8283bbc77250232eb493bf1f9104fdd0d468962a/CHANGELOG.md?plain=1#L102 https://vulncheck.com/advisories/empire-unauth-rce https://blog.harmj0y.net/empire/empire-fails https://github.com/ACE-Responder/Empire-C2-RCE-PoC/tree/main • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5980 – Arbitrary File Write via /v1/runs API endpoint in lightning-ai/pytorch-lightning
https://notcve.org/view.php?id=CVE-2024-5980
This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution. • https://huntr.com/bounties/55a6ac6f-89c7-42ea-86f3-c6e93a2679f3 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-5824 – Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-5824
This can lead to remote code execution by changing server configuration properties such as `force_accept_remote_access` and `turn_on_code_validation`. • https://github.com/parisneo/lollms/commit/eda3af5f5c4ea9b2f3569f72f8d05989e29367fc https://huntr.com/bounties/9ceb7cf9-a7cd-4699-b3f8-d0999d2b49fd • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5751 – Remote Code Execution in BerriAI/litellm
https://notcve.org/view.php?id=CVE-2024-5751
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. • https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-5826 – Remote Code Execution via Prompt Injection in vanna-ai/vanna
https://notcve.org/view.php?id=CVE-2024-5826
In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. ... This vulnerability can be exploited by an attacker to achieve remote code execution on the app backend server, potentially gaining full control of the server. • https://huntr.com/bounties/90620087-44ac-4e43-b659-3c5d30889369 • CWE-94: Improper Control of Generation of Code ('Code Injection') •