CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-6507 – Deep Lake Kaggle command injection
https://notcve.org/view.php?id=CVE-2024-6507
Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingest_kaggle() API Inyección de comando al ingerir un conjunto de datos remoto de Kaggle debido a una falta de sanitización de entrada en la API ingest_kaggle() • https://github.com/activeloopai/deeplake/pull/2876 https://research.jfrog.com/vulnerabilities/deeplake-kaggle-command-injection-jfsa-2024-001035320 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37934 – WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37934
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4. • https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-8-4-subscriber-arbitrary-shortcode-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-39932
https://notcve.org/view.php?id=CVE-2024-39932
Gogs through 0.13.0 allows argument injection during the previewing of changes. Gogs hasta 0.13.0 permite la inyección de argumentos durante la vista previa de los cambios. • https://github.com/gogs/gogs/releases https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39165
https://notcve.org/view.php?id=CVE-2024-39165
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product. • https://www.synacktiv.com/advisories/jpgraph-professional-version-pre-authenticated-remote-code-execution • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-32498 – OpenStack: malicious qcow2/vmdk images
https://notcve.org/view.php?id=CVE-2024-32498
This bypasses isolation restrictions, significantly reducing the security of an affected compute host, and could enable arbitrary code execution, a denial of service, or leaking of secrets. • https://launchpad.net/bugs/2059809 https://www.openwall.com/lists/oss-security/2024/07/02/2 http://www.openwall.com/lists/oss-security/2024/07/02/2 https://security.openstack.org/ossa/OSSA-2024-001.html https://access.redhat.com/security/cve/CVE-2024-32498 https://bugzilla.redhat.com/show_bug.cgi?id=2278663 • CWE-400: Uncontrolled Resource Consumption •