CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8923 – Sandbox Escape in Now Platform
https://notcve.org/view.php?id=CVE-2024-8923
This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. • https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9846 – Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-9846
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/enable-shortcodes-inside-widgetscomments-and-experts/trunk/enable-shortcodes-inside-widgets-comments-experts.php#L19 https://wordpress.org/plugins/enable-shortcodes-inside-widgetscomments-and-experts/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/f1ac2544-f96b-4859-96de-795753a94264?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-6581 – Remote Code Execution due to Stored XSS in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-6581
Due to incomplete filtering in the sanitize_svg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code execution. • https://github.com/parisneo/lollms/commit/328b960a0de2097e13654ac752253e9541521ddd https://huntr.com/bounties/ad68ecd6-44e2-449b-8e7e-f2b71b1b43c7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-6868 – Arbitrary File Write in mudler/LocalAI
https://notcve.org/view.php?id=CVE-2024-6868
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. ... This behavior can be exploited to perform a 'tarslip' attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory. This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server. • https://github.com/mudler/localai/commit/a181dd0ebc5d3092fc50f61674d552604fe8ef9c https://huntr.com/bounties/752d2376-2d9a-4e17-b462-3c267f9dd229 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-5982 – Path Traversal in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-5982
Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. • https://github.com/gaizhenbiao/chuanhuchatgpt/commit/952fc8c3cbacead858311747cddd4bedcb4721d7 https://huntr.com/bounties/5d5c5356-e893-44d1-b5ca-642aa05d96bb • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •