CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-5565 – Prompt Injection in "ask" API with visualization leads to RCE
https://notcve.org/view.php?id=CVE-2024-5565
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with "visualize" set to True (default behavior) leads to remote code execution. • https://research.jfrog.com/vulnerabilities/vanna-prompt-injection-rce-jfsa-2024-001034449 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 95%CPEs: 1EXPL: 12CVE-2024-23692 – Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability
https://notcve.org/view.php?id=CVE-2024-23692
This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. ... This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request. • https://github.com/verylazytech/CVE-2024-23692 https://github.com/0x20c/CVE-2024-23692-EXP https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692 https://github.com/jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS https://github.com/vanboomqi/CVE-2024-23692 https://github.com/BBD-YZZ/CVE-2024-23692 https://github.com/k3lpi3b4nsh33/CVE-2024-23692 https://github.com/Tupler/CVE-2024-23692-exp https://github.com/Mr-r00t11/CVE-2024-23692 http • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5436 – Type Confusion in Snapchat Lenscore
https://notcve.org/view.php?id=CVE-2024-5436
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. • https://hackerone.com/snapchat • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30373 – Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30373
Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-557 • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-5512 – Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5512
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •