CVE-2024-3403 – Local File Inclusion in imartinez/privategpt
https://notcve.org/view.php?id=CVE-2024-3403
This vulnerability could lead to various impacts, including but not limited to remote code execution by obtaining private SSH keys, unauthorized access to private files, source code disclosure facilitating further attacks, and exposure of configuration files. imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. • https://huntr.com/bounties/7431d1dd-f014-4d4f-acb6-f97369ef3688 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-4326 – Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4326
A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. ... Attackers can bypass protections by setting the host to localhost, enabling code execution, and disabling code validation through the `/apply_settings` endpoint. • https://github.com/parisneo/lollms-webui/commit/abb4c6d495a95a3ef5b114ffc57f85cd650b905e https://huntr.com/bounties/2ab9f03d-0538-4317-be21-0748a079cbdd • CWE-15: External Control of System or Configuration Setting •
CVE-2024-2358 – Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2358
A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. ... This flaw subsequently allows the server to load and execute a malicious '__init__.py' file, leading to remote code execution. • https://huntr.com/bounties/b2771df3-be50-45bd-93c4-0974ce38bc22 • CWE-29: Path Traversal: '\..\filename' •
CVE-2024-30294 – Adobe Animate OGG File Parsing Heap Memory Corruption remote code execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30294
Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-36.html • CWE-122: Heap-based Buffer Overflow •
CVE-2024-30293 – Adobe Animate 2024 AI File parsing Stack base buffer overflow Remote Code execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30293
Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-36.html • CWE-121: Stack-based Buffer Overflow •