CVE-2024-6451 – AI Engine < 2.5.1 - Admin+ RCE
https://notcve.org/view.php?id=CVE-2024-6451
29 Jul 2024 — AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. ... The AI Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the /wp-json/mwai/v1/settings/update REST API endpoint. ... This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://wpscan.com/vulnerability/fc06d413-a227-470c-a5b7-cdab57aeab34 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-33365
https://notcve.org/view.php?id=CVE-2024-33365
29 Jul 2024 — Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. • https://hackmd.io/%40JohnathanHuuTri/rJNbEItJC • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7230 – Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7230
29 Jul 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1000 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2024-7237 – AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7237
29 Jul 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1007 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2024-6459 – News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI
https://notcve.org/view.php?id=CVE-2024-6459
27 Jul 2024 — This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be upload... • https://wpscan.com/vulnerability/330359fa-d085-4923-b5a8-c0e2e5267247 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-41119 – streamlit-geospatial remote code execution in pages/8_🏜️_Raster_Data_Visualization.py
https://notcve.org/view.php?id=CVE-2024-41119
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 80 in `8_🏜️_Raster_Data_Visualization.py` takes user input, which is later used in the `eval()` function on line 86, leading to remote code execution. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation
CVE-2024-41117 – Remote code execution in streamlit geospatial in pages/10_🌍_Earth_Engine_Datasets.py
https://notcve.org/view.php?id=CVE-2024-41117
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 115 in `pages/10_🌍_Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leading to remote code execution. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation
CVE-2024-41116 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option vis_params
https://notcve.org/view.php?id=CVE-2024-41116
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote code execution. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation
CVE-2024-41115 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette
https://notcve.org/view.php?id=CVE-2024-41115
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code execution. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation
CVE-2024-41114 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option
https://notcve.org/view.php?id=CVE-2024-41114
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation