CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31224 – GPT Academic: Pickle deserializing cookies may pose RCE risk
https://notcve.org/view.php?id=CVE-2024-31224
The server deserializes untrustworthy data from the client, which may risk remote code execution. • https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35 https://github.com/binary-husky/gpt_academic/pull/1648 https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-30162 – Invision Community 4.7.16 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-30162
Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. ... This can be exploited by admin users (with the toolbar_manage permission) to write arbitrary PHP files into that directory, leading to execution of arbitrary PHP code in the context of the web server user. • http://seclists.org/fulldisclosure/2024/Apr/21 https://invisioncommunity.com • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31808
https://notcve.org/view.php?id=CVE-2024-31808
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. Se descubrió que TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro webWlanIdx en la función setWebWlanIdx. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_3_setWebWlanIdx/CI.md • CWE-233: Improper Handling of Parameters •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31807
https://notcve.org/view.php?id=CVE-2024-31807
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. Se descubrió que TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro hostTime en la función NTPSyncWithHost. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_2_NTPSyncWithHost/CI.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31809
https://notcve.org/view.php?id=CVE-2024-31809
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. Se descubrió que TOTOLINK EX200 V4.0.3c.7646_B20201211 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro FileName en la función setUpgradeFW. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_4_setUpgradeFW/CI.md • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •