CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-48063
https://notcve.org/view.php?id=CVE-2024-48063
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. En PyTorch <=2.4.1, RemoteModule tiene RCE de deserialización. In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing. • https://github.com/zgimszhd61/CVE-2024-48063-poc https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065 https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c https://github.com/pytorch/pytorch/issues/129228 https://github.com/pytorch/pytorch/security/policy#using-distributed-features • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48138
https://notcve.org/view.php?id=CVE-2024-48138
A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template. Una vulnerabilidad de ejecución remota de código (RCE) en el componente /PluXml/core/admin/parametres_edittpl.php de PluXml v5.8.16 y anteriores permite a los atacantes ejecutar código arbitrario mediante la inyección de un payload manipulado en una plantilla. • https://github.com/pluxml/PluXml/issues/829 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48461
https://notcve.org/view.php?id=CVE-2024-48461
Cross Site Scripting vulnerability in TeslaLogger Admin Panel before v.1.59.6 allows a remote attacker to execute arbitrary code via the New Journey field. • https://github.com/bassmaster187/TeslaLogger/blob/65f5ff43c7cacf0391ddc21b90f77a2e8c8d860e/TeslaLogger/bin/changelog.md?plain=1#L4 https://mohammedshine.github.io/CVE-2024-48461.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-51568
https://notcve.org/view.php?id=CVE-2024-51568
There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters. • https://cwe.mitre.org/data/definitions/78.html https://cyberpanel.net/KnowledgeBase/home/change-logs https://cyberpanel.net/blog/cyberpanel-v2-3-5 https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8512 – W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-8512
The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. ... This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740 https://plugins.trac.wordpress.org/changeset/3175640 https://www.wordfence.com/threat-intel/vulnerabilities/id/2a56eb63-ba5c-4452-8ab9-f5aeaf53adda?source=cve • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •