![](/assets/img/cve_300x82_sin_bg.png)
CVE-2024-37410 – WordPress PowerPack Lite for Beaver Builder plugin <= 1.3.0.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37410
28 Jun 2024 — This makes it possible for authenticated attackers, with Editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/powerpack-addon-for-beaver-builder/wordpress-powerpack-lite-for-beaver-builder-plugin-1-3-0-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-27628
https://notcve.org/view.php?id=CVE-2024-27628
28 Jun 2024 — Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. • https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-39704
https://notcve.org/view.php?id=CVE-2024-39704
28 Jun 2024 — Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 46318. • https://github.com/MikeIsAStar/Melty-Blood-Actress-Again-Current-Code-Remote-Code-Execution •
CVE-2024-37420 – WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37420
28 Jun 2024 — This makes it possible for authenticated attackers, with subscriber-level access and above, to upload malicious files that can be used for remote code execution. • https://patchstack.com/database/vulnerability/zita-site-library/wordpress-zita-elementor-site-library-plugin-1-6-1-arbitrary-code-execution-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type; CWE-862: Missing Authorization •
CVE-2024-6127 – BC Security Empire Path Traversal RCE
https://notcve.org/view.php?id=CVE-2024-6127
27 Jun 2024 — BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path. • https://github.com/ACE-Responder/Empire-C2-RCE-PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5980 – Arbitrary File Write via /v1/runs API endpoint in lightning-ai/pytorch-lightning
https://notcve.org/view.php?id=CVE-2024-5980
27 Jun 2024 — This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution. • https://huntr.com/bounties/55a6ac6f-89c7-42ea-86f3-c6e93a2679f3 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-5824 – Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-5824
27 Jun 2024 — This can lead to remote code execution by changing server configuration properties such as `force_accept_remote_access` and `turn_on_code_validation`. • https://github.com/parisneo/lollms/commit/eda3af5f5c4ea9b2f3569f72f8d05989e29367fc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5751 – Remote Code Execution in BerriAI/litellm
https://notcve.org/view.php?id=CVE-2024-5751
27 Jun 2024 — BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. • https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-5826 – Remote Code Execution via Prompt Injection in vanna-ai/vanna
https://notcve.org/view.php?id=CVE-2024-5826
27 Jun 2024 — In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the `exec` function in `src/vanna/base/base.py`. This vulnerability can be exploited by an attacker to achieve remote code execution on the app backend server, potentially gaining full control of... • https://huntr.com/bounties/90620087-44ac-4e43-b659-3c5d30889369 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-3330 – Spotfire Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-3330
27 Jun 2024 — In the case of the Web Player (Business Author): successful execution of this vulnerability via the Web Player will result in the attacker being able to run arbitrary code as the account running the Web Player process. In the case of Automation Services: successful execution of this vulnerability will result in an attacker being able to run arbitrary code via Automation Services. This issue affects Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0 through 14.0.2; Spotfire Server: fro... • https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-june-262024-spotfire-cve-2024-3330-r3435 • CWE-250: Execution with Unnecessary Privileges •