CVE-2024-45858
https://notcve.org/view.php?id=CVE-2024-45858
An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. • https://hiddenlayer.com/sai-security-advisory/2024-09-guardrails • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2024-46373
https://notcve.org/view.php?id=CVE-2024-46373
Dedecms V5.7.115 contains an arbitrary code execution vulnerability via file upload in the backend. • https://github.com/gaorenyusi/gaorenyusi/blob/main/CVE-2024-46373.md • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-46559
https://notcve.org/view.php?id=CVE-2024-46559
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#acee48e159494c479aecc1bfa87f0d83
CVE-2024-35515
https://notcve.org/view.php?id=CVE-2024-35515
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. • https://github.com/piskvorky/sqlitedict • https://wha13.github.io/2024/06/13/mfcve • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-45798 – Multiple Poisoned Pipeline Execution (PPE) vulnerabilities
https://notcve.org/view.php?id=CVE-2024-45798
Code injection in the `tests_results.yml` workflow (`GHSL-2024-169`) and environment variable injection (`GHSL-2024-170`). • https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection • https://github.com/espressif/arduino-esp32/blob/690bdb511d9f001e2066da2dda2c631a3eee270f/.github/workflows/tests_results.yml • https://github.com/espressif/arduino-esp32/security/advisories/GHSA-h52q-xhg2-6jw8 • https://securitylab.github.com/research/github-actions-preventing-pwn-requests • https://securitylab.github.com/research/github-actions-untrusted-input • CWE-20: Improper Input Validation; CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-94: Improper Control of Generation of Code ('Code Injection')