![](/assets/img/cve_300x82_sin_bg.png)
CVE-2024-39704
https://notcve.org/view.php?id=CVE-2024-39704
28 Jun 2024 — Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 46318. • https://github.com/MikeIsAStar/Melty-Blood-Actress-Again-Current-Code-Remote-Code-Execution •
CVE-2024-37420 – WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37420
28 Jun 2024 — This makes it possible for authenticated attackers, with subscriber-level access and above, to upload malicious files that can be used for remote code execution. • https://patchstack.com/database/vulnerability/zita-site-library/wordpress-zita-elementor-site-library-plugin-1-6-1-arbitrary-code-execution-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type • CWE-862: Missing Authorization •
CVE-2024-6127 – BC Security Empire Path Traversal RCE
https://notcve.org/view.php?id=CVE-2024-6127
27 Jun 2024 — BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path. • https://github.com/ACE-Responder/Empire-C2-RCE-PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5980 – Arbitrary File Write via /v1/runs API endpoint in lightning-ai/pytorch-lightning
https://notcve.org/view.php?id=CVE-2024-5980
27 Jun 2024 — This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution. • https://huntr.com/bounties/55a6ac6f-89c7-42ea-86f3-c6e93a2679f3 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-5824 – Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-5824
27 Jun 2024 — This can lead to remote code execution by changing server configuration properties such as `force_accept_remote_access` and `turn_on_code_validation`. • https://github.com/parisneo/lollms/commit/eda3af5f5c4ea9b2f3569f72f8d05989e29367fc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5751 – Remote Code Execution in BerriAI/litellm
https://notcve.org/view.php?id=CVE-2024-5751
27 Jun 2024 — BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. • https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-5826 – Remote Code Execution via Prompt Injection in vanna-ai/vanna
https://notcve.org/view.php?id=CVE-2024-5826
27 Jun 2024 — In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the `exec` function in `src/vanna/base/base.py`. This vulnerability can be exploited by an attacker to achieve remote code execution on the app backend server, potentially gaining full control of... • https://huntr.com/bounties/90620087-44ac-4e43-b659-3c5d30889369 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-3330 – Spotfire Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-3330
27 Jun 2024 — ... In the case of the Web player (Business Author): Successful execution of this vulnerability via the Web Player will result in the attacker being able to run arbitrary code as the account running the Web player process. In the case of Automation Services: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code via Automation Services. This issue affects Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0 through 14.0.2; Spotfire Server: fro... • https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-june-262024-spotfire-cve-2024-3330-r3435 • CWE-250: Execution with Unnecessary Privileges •
CVE-2023-38370 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38370
27 Jun 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions •
CVE-2023-38368 – IBM Security Access Manager Docker information disclosure
https://notcve.org/view.php?id=CVE-2023-38368
27 Jun 2024 — IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://packetstorm.news/files/id/182466 • CWE-276: Incorrect Default Permissions • CWE-863: Incorrect Authorization •