CVE-2024-2912 – Insecure Deserialization Leading to RCE in bentoml/bentoml
https://notcve.org/view.php?id=CVE-2024-2912
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. ...
References: https://github.com/bentoml/bentoml/commit/fd70379733c57c6368cc022ac1f841b7b426db7b , https://huntr.com/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68
CWE-1188: Initialization of a Resource with an Insecure Default
CVE-2024-3271 – Command Injection in run-llama/llama_index
https://notcve.org/view.php?id=CVE-2024-3271
Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. ... The vulnerability allows for remote code execution (RCE) on the server hosting the application. ...
References: https://github.com/run-llama/llama_index/commit/5fbcb5a8b9f20f81b791c7fc8849e352613ab475 , https://huntr.com/bounties/9b32490e-7cf9-470e-8d49-ba083ae7a279
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-31634
https://notcve.org/view.php?id=CVE-2024-31634
Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before allows a remote attacker to execute arbitrary code via the Security.php file in the directory \XunRuiCMS\dayrui\Fcms\Library.
References: https://github.com/buchilajiao1/CVE/blob/main/xunruicms/xunruicms.md
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32599 – WordPress WP Dummy Content Generator plugin <= 3.2.1 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-32599
Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak Anand's WP Dummy Content Generator. This issue affects WP Dummy Content Generator: from n/a through 3.2.1. ... The WP Dummy Content Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to 3.3.0 (exclusive). This makes it possible for unauthenticated attackers to execute code on the server.
References: https://patchstack.com/database/vulnerability/wp-dummy-content-generator/wordpress-wp-dummy-content-generator-plugin-3-2-1-arbitrary-code-execution-vulnerability?
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-31680
https://notcve.org/view.php?id=CVE-2024-31680
IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php component.
References: https://github.com/heidashuai5588/cve/blob/main/upload.md
CWE-434: Unrestricted Upload of File with Dangerous Type