CVSS: 8.8EPSS: %CPEs: -EXPL: 0CVE-2024-11394 – Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11394
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code in the context of the current user. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10204 – Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025
https://notcve.org/view.php?id=CVE-2024-10204
These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/vulnerability/advisories • CWE-122: Heap-based Buffer Overflow CWE-457: Use of Uninitialized Variable •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51503 – Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Deep Security Agent. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0018154 https://www.zerodayinitiative.com/advisories/ZDI-24-1516 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10899 – WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-10899
The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/wc-product-table-lite/tags/3.8.6/main.php#L1778 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3190789%40wc-product-table-lite&new=3190789%40wc-product-table-lite&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/c9b010ff-8a4a-4553-bb2b-d58a254d7ee4?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10913 – Clone <= 2.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialized_replace'
https://notcve.org/view.php?id=CVE-2024-10913
If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy//tags/2.4.6/lib/icit_srdb_replacer.php#L24 https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.4.7/lib/icit_srdb_replacer.php#L24 https://www.wordfence.com/threat-intel/vulnerabilities/id/16569267-ab52-4b96-86f0-d37c470a3938?source=cve • CWE-502: Deserialization of Untrusted Data •