CVE-2024-3126 – Command Injection in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-3126
Successful exploitation could lead to arbitrary remote code execution (RCE) on the system where the application is deployed. • https://github.com/parisneo/lollms-webui/commit/41dbb1b3f2e78ea276e5269544e50514252c0c25 https://huntr.com/bounties/0e2bec70-826e-4c24-8015-31921e23fd12 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-3403 – Local File Inclusion in imartinez/privategpt
https://notcve.org/view.php?id=CVE-2024-3403
This vulnerability could lead to various impacts, including but not limited to remote code execution by obtaining private SSH keys, unauthorized access to private files, source code disclosure facilitating further attacks, and exposure of configuration files. imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. • https://huntr.com/bounties/7431d1dd-f014-4d4f-acb6-f97369ef3688 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-4326 – Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4326
A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. ... Attackers can bypass protections by setting the host to localhost, enabling code execution, and disabling code validation through the `/apply_settings` endpoint. • https://github.com/parisneo/lollms-webui/commit/abb4c6d495a95a3ef5b114ffc57f85cd650b905e https://huntr.com/bounties/2ab9f03d-0538-4317-be21-0748a079cbdd • CWE-15: External Control of System or Configuration Setting •
CVE-2024-2358 – Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2358
A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. ... This flaw subsequently allows the server to load and execute a malicious '__init__.py' file, leading to remote code execution. • https://huntr.com/bounties/b2771df3-be50-45bd-93c4-0974ce38bc22 • CWE-29: Path Traversal: '\..\filename' •
CVE-2024-30294 – Adobe Animate OGG File Parsing Heap Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30294
Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-36.html • CWE-122: Heap-based Buffer Overflow •