CVE-2024-29212
https://notcve.org/view.php?id=CVE-2024-29212
Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. • https://www.veeam.com/kb4575 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-32700 – WordPress Kognetiks Chatbot for WordPress plugin <= 2.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-32700
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/nastar-id/CVE-2024-32700 https://patchstack.com/database/vulnerability/chatbot-chatgpt/wordpress-kognetiks-chatbot-for-wordpress-plugin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-4701 – Path Traversal vulnerability via File Uploads in Genie
https://notcve.org/view.php?id=CVE-2024-4701
A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18. • https://github.com/JoeBeeton/CVE-2024-4701-POC https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-34359 – llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
https://notcve.org/view.php?id=CVE-2024-34359
This allows `jinja2` Server Side Template Injection which leads to remote code execution by a carefully constructed payload. llama-cpp-python is the Python bindings for llama.cpp. • https://github.com/abetlen/llama-cpp-python/commit/b454f40a9a1787b2b5659cd2cb00819d983185df https://github.com/abetlen/llama-cpp-python/security/advisories/GHSA-56xg-wfcc-g829 • CWE-76: Improper Neutralization of Equivalent Special Elements •
CVE-2024-4560 – Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function
https://notcve.org/view.php?id=CVE-2024-4560
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-file-upload.php#L17 https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc33a05-d462-492e-9ea5-cf37b887cc94?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •