CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45846
https://notcve.org/view.php?id=CVE-2024-45846
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. • https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27321
https://notcve.org/view.php?id=CVE-2024-27321
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. • https://hiddenlayer.com/sai-security-advisory/2024-09-autolabel • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27320
https://notcve.org/view.php?id=CVE-2024-27320
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. • https://hiddenlayer.com/sai-security-advisory/2024-09-autolabel • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31336
https://notcve.org/view.php?id=CVE-2024-31336
In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. • https://source.android.com/security/bulletin/2024-09-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44466
https://notcve.org/view.php?id=CVE-2024-44466
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface. • https://github.com/CurryRaid/iot_vul/tree/main/comfast • CWE-94: Improper Control of Generation of Code ('Code Injection') •