CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-47901
https://notcve.org/view.php?id=CVE-2024-47901
The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-333468.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50050
https://notcve.org/view.php?id=CVE-2024-50050
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. • https://www.facebook.com/security/advisories/cve-2024-50050 •
CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48919 – RCE via Prompt Injection Into Cursor's Terminal Cmd-K
https://notcve.org/view.php?id=CVE-2024-48919
Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web page could have a significant chance of influencing a language model to output arbitrary commands for execution in the user's terminal. • https://github.com/getcursor/cursor/security/advisories/GHSA-rmj9-23rg-gr67 • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-48927 – Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
https://notcve.org/view.php?id=CVE-2024-48927
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode. • https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-5955-cwv4-h7qh • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38002
https://notcve.org/view.php?id=CVE-2024-38002
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API. • https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002 • CWE-863: Incorrect Authorization •