CVE-2024-4264 – Remote Code Execution in berriai/litellm
https://notcve.org/view.php?id=CVE-2024-4264
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. ... • https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-23554 – HCL BigFix Platform is susceptible to Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2024-23554
Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113140 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-31974
https://notcve.org/view.php?id=CVE-2024-31974
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions). • https://github.com/actuator/com.solarized.firedown https://github.com/actuator/com.solarized.firedown/blob/main/CVE-2024-31974 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-34982
https://notcve.org/view.php?id=CVE-2024-34982
An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/n2ryx/CVE/blob/main/Lylme_pagev1.9.5.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-34919
https://notcve.org/view.php?id=CVE-2024-34919
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/CveSecLook/cve/issues/20 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •