CVE-2024-1522 – Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1522
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. • https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-3085 – PHPGurukul Emergency Ambulance Hiring Portal Admin Login Page login.php sql injection
https://notcve.org/view.php?id=CVE-2024-3085
The manipulation of the argument username leads to SQL injection. ... By manipulating the argument username with unknown data, a SQL injection vulnerability can be exploited. • https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sqli.md https://vuldb.com/? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-29890 – Remote code execution in datalens-ui
https://notcve.org/view.php?id=CVE-2024-29890
A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. • https://github.com/datalens-tech/datalens/security/advisories/GHSA-6278-2wvc-4p93 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-29202 – JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery
https://notcve.org/view.php?id=CVE-2024-29202
Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-2vvr-vmvx-73ch • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-29201 – JumpServer's insecure Ansible playbook validation leads to RCE in Celery
https://notcve.org/view.php?id=CVE-2024-29201
Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. • https://github.com/jumpserver/jumpserver/security/advisories/GHSA-pjpp-cm9x-6rwj • CWE-94: Improper Control of Generation of Code ('Code Injection') •