CVE-2024-32700 – WordPress Kognetiks Chatbot for WordPress plugin <= 2.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-32700
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/nastar-id/CVE-2024-32700 https://patchstack.com/database/vulnerability/chatbot-chatgpt/wordpress-kognetiks-chatbot-for-wordpress-plugin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-4701 – Path Traversal vulnerability via File Uploads in Genie
https://notcve.org/view.php?id=CVE-2024-4701
A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18. • https://github.com/JoeBeeton/CVE-2024-4701-POC https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-34359 – llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
https://notcve.org/view.php?id=CVE-2024-34359
This allows `jinja2` Server Side Template Injection which leads to remote code execution by a carefully constructed payload. llama-cpp-python is the Python bindings for llama.cpp. • https://github.com/abetlen/llama-cpp-python/commit/b454f40a9a1787b2b5659cd2cb00819d983185df https://github.com/abetlen/llama-cpp-python/security/advisories/GHSA-56xg-wfcc-g829 • CWE-76: Improper Neutralization of Equivalent Special Elements •
CVE-2024-4560 – Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function
https://notcve.org/view.php?id=CVE-2024-4560
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-file-upload.php#L17 https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc33a05-d462-492e-9ea5-cf37b887cc94?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-4044 – Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio
https://notcve.org/view.php?id=CVE-2024-4044
A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI FlexLogger. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://ni.com/r/CVE-2024-4044 • CWE-502: Deserialization of Untrusted Data •