CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-6345 – Remote Code Execution in pypa/setuptools
https://notcve.org/view.php?id=CVE-2024-6345
These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. ... These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. • https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37405
https://notcve.org/view.php?id=CVE-2024-37405
Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHistory. • https://hackerone.com/reports/2580062 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40546
https://notcve.org/view.php?id=CVE-2024-40546
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAAKYP • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40522
https://notcve.org/view.php?id=CVE-2024-40522
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions. Existe una vulnerabilidad de ejecución remota de código en SeaCMS 12.9. La vulnerabilidad se debe a que phomebak.php escribe algunos nombres de variables pasados sin filtrarlos antes de escribirlos en el archivo php. • https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20phomebak.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23317
https://notcve.org/view.php?id=CVE-2024-23317
External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior. • https://security.gallagher.com/Security-Advisories/CVE-2024-23317 • CWE-73: External Control of File Name or Path •