CVE-2024-21552
https://notcve.org/view.php?id=CVE-2024-21552
All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server. • https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49da201a18c58c/superagi/agent/output_handler.py#L149 https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49da201a18c58c/superagi/agent/output_handler.py#L180 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
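The SuperAGI entry above is the textbook case of CWE-94 in an LLM agent: model output is passed to `eval()`, so whoever can steer the completion (a prompt injection in a page the agent reads, for instance) can run Python on the agent host. The following is an added example, not SuperAGI's own code: a constructed handler that parses a tool-call dict the unsafe way and the safe way, with a harmless side-effect marker standing in for `os.system`. The names `parse_tool_call_unsafe`, `parse_tool_call_safe`, `ALLOWED_TOOLS` and the sample outputs are all assumptions made for the illustration.

```python
"""Added example (not SuperAGI's code): why eval() on model output is
remote code execution, and how to parse the same output as data instead."""
import ast
import json

# Constructed sample: the dict the agent expects the model to return.
BENIGN_OUTPUT = '{"tool": "search", "args": {"query": "weather"}}'

# Constructed sample: an attacker-influenced completion. A real payload would
# call __import__('os').system(...); here a harmless list append records that
# code actually ran, so the demonstration is safe to execute.
SIDE_EFFECTS = []
MALICIOUS_OUTPUT = (
    "SIDE_EFFECTS.append('code ran') or "
    "{'tool': 'search', 'args': {'query': 'weather'}}"
)

# Hypothetical allowlist of tools the agent is permitted to dispatch.
ALLOWED_TOOLS = {"search", "read_file"}


def parse_tool_call_unsafe(output: str) -> dict:
    """Vulnerable pattern: eval() runs arbitrary Python with the caller's globals.
    Passing restricted globals (eval(x, {"__builtins__": {}})) is not a fix;
    the builtins are reachable again through object.__subclasses__()."""
    return eval(output)


def parse_tool_call_safe(output: str) -> dict:
    """Treat model output strictly as data, then validate its shape."""
    try:
        call = json.loads(output)
    except json.JSONDecodeError:
        # Some models emit Python-style literals; literal_eval accepts only
        # literals (no names, calls or operators), so it cannot execute code.
        try:
            call = ast.literal_eval(output)
        except (ValueError, SyntaxError) as exc:
            raise ValueError("model output is not a data literal") from exc
    if not isinstance(call, dict):
        raise ValueError("tool call must be an object")
    tool = call.get("tool")
    args = call.get("args")
    if tool not in ALLOWED_TOOLS:
        raise ValueError(f"tool not allowed: {tool!r}")
    if not isinstance(args, dict) or not all(isinstance(k, str) for k in args):
        raise ValueError("args must be an object with string keys")
    # Return only the validated fields; drop anything else the model added.
    return {"tool": tool, "args": args}


def demonstrate() -> dict:
    """Run both parsers over both samples and report what happened."""
    result = {}
    result["safe_benign"] = parse_tool_call_safe(BENIGN_OUTPUT)
    try:
        parse_tool_call_safe(MALICIOUS_OUTPUT)
        result["safe_malicious"] = "accepted"
    except ValueError:
        result["safe_malicious"] = "rejected"
    result["side_effects_after_safe"] = list(SIDE_EFFECTS)
    parse_tool_call_unsafe(MALICIOUS_OUTPUT)  # attacker code runs here
    result["side_effects_after_unsafe"] = list(SIDE_EFFECTS)
    return result


if __name__ == "__main__":
    print(demonstrate())
```

The safe parser rejects the crafted string before any evaluation happens, while the `eval()` path returns a well-formed tool call and silently executes the attacker's expression on the way. Validating the decoded structure against an allowlist matters as much as avoiding `eval()`: even a correctly parsed dict is still attacker-controlled data and must not be trusted to name arbitrary tools or arguments.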
CVE-2024-38944
https://notcve.org/view.php?id=CVE-2024-38944
An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component. • https://gist.github.com/LemonSec/6aaea8320187a38e1a398fa321f12303 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-6950 – import code injection
https://notcve.org/view.php?id=CVE-2024-6950
The manipulation of the argument file leads to code injection. ... By manipulating the argument file with unknown data, a code injection vulnerability can be exploited. • https://gist.github.com/J1rrY-learn/c5818d700476c4debcf8a334a5c9c243 https://vuldb.com/?ctiid.272072 https://vuldb.com/?id.272072 https://vuldb.com/?submit.375244 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-6960 – H2O deserializes ML models without filtering, potentially allowing execution of malicious code
https://notcve.org/view.php?id=CVE-2024-6960
An attacker can construct a crafted Iced model that carries a Java deserialization gadget chain and leads to arbitrary code execution when the model is imported into the H2O platform. • https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-6947 – Flute CMS Notification ContentParser.php replaceContent code injection
https://notcve.org/view.php?id=CVE-2024-6947
The manipulation leads to code injection. ... By manipulating with unknown data, a code injection vulnerability can be exploited. • https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md https://vuldb.com/?ctiid.272069 https://vuldb.com/?id.272069 https://vuldb.com/?submit.376785 • CWE-94: Improper Control of Generation of Code ('Code Injection') •