CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40125
https://notcve.org/view.php?id=CVE-2024-40125
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. • https://github.com/brendontkl/My-CVEs/tree/main/CVE-2024-40125 https://www.closed-loop.biz • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46946
https://notcve.org/view.php?id=CVE-2024-46946
langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. • https://cwe.mitre.org/data/definitions/95.html https://docs.sympy.org/latest/modules/codegen.html https://gist.github.com/12end/68c0c58d2564ef4141bccd4651480820#file-cve-2024-46946-txt https://github.com/langchain-ai/langchain/releases/tag/langchain-experimental%3D%3D0.3.0 • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: 3%CPEs: 1EXPL: 1CVE-2024-46986 – Arbitrary file write leading to RCE in Camaleon CMS
https://notcve.org/view.php?id=CVE-2024-46986
This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. • https://github.com/vidura2/CVE-2024-46986 https://codeql.github.com/codeql-query-help/ruby/rb-path-injection https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5 https://owasp.org/www-community/attacks/Path_Traversal https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-34026
https://notcve.org/view.php?id=CVE-2024-34026
A specially crafted EtherNet/IP request can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2005 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45679
https://notcve.org/view.php?id=CVE-2024-45679
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. • https://github.com/assimp/assimp/releases/tag/v5.4.3 https://jvn.jp/en/jp/JVN42386607 • CWE-122: Heap-based Buffer Overflow •