CVE-2024-39844 – Debian Security Advisory 5725-1
https://notcve.org/view.php?id=CVE-2024-39844
03 Jul 2024 — In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. ... An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server. • https://github.com/ph1ns/CVE-2024-39844 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-6319 – IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload'
https://notcve.org/view.php?id=CVE-2024-6319
03 Jul 2024 — This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/imgspider/tags/2.3.10/classes/post.class.php#L189 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-6318 – IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file'
https://notcve.org/view.php?id=CVE-2024-6318
03 Jul 2024 — This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/imgspider/tags/2.3.10/classes/post.class.php#L122 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-4708 – mySCADA myPRO Use of Hard-coded Password
https://notcve.org/view.php?id=CVE-2024-4708
02 Jul 2024 — mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. This vulnerability allows remote attackers to execute arbitrary code on affected installations of mySCADA myPRO. ... An attacker can leverage this vulnerability to execute code in the context of... • https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02 • CWE-259: Use of Hard-coded Password •
CVE-2024-4897 – Remote Code Execution in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4897
02 Jul 2024 — parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from the application's 'binding_zoo' feature, which allows attackers to upload and interact with a malicious model file hosted on hugging-face, leading to remote code execution. • https://huntr.com/bounties/ecf386df-4b6a-40b2-9000-db0974355acc • CWE-76: Improper Neutralization of Equivalent Special Elements •
CVE-2024-38519 – yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
https://notcve.org/view.php?id=CVE-2024-38519
02 Jul 2024 — Since `yt-dlp` and `youtube-dl` also read config from the working directory (and on Windows executables will be executed from the `yt-dlp` or `youtube-dl` directory), this could lead to arbitrary code being executed. ... • https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq • CWE-669: Incorrect Resource Transfer Between Spheres •
CVE-2024-36404 – GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions
https://notcve.org/view.php?id=CVE-2024-36404
02 Jul 2024 — Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. • https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVE-2024-34593
https://notcve.org/view.php?id=CVE-2024-34593
02 Jul 2024 — Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07 •
CVE-2024-34587
https://notcve.org/view.php?id=CVE-2024-34587
02 Jul 2024 — Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07 •
CVE-2023-41921 – Download of Code Without Integrity Check in Kiloview P1/P2 devices
https://notcve.org/view.php?id=CVE-2023-41921
02 Jul 2024 — A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. • https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273 • CWE-494: Download of Code Without Integrity Check •