CVSS: 6.4 • EPSS: 0% • CPEs: - • EXPL: 0

Improper input validation vulnerability in chnactiv TA prior to SMR Jun-2024 Release 1 allows local privileged attackers to potentially execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06 •

CVSS: 8.1 • EPSS: 0% • CPEs: - • EXPL: 0

Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php. • https://github.com/debug601/bug_report/blob/main/vendors/mayuri_k/gas-agency-management-system/RCE-1.md • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=. • https://github.com/debug601/bug_report/blob/main/vendors/mayuri_k/gas-agency-management-system/SQL-1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions, crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature. • https://github.com/ben-sb/javascript-deobfuscator/commit/630d3caec83d5f31c5f7a07e6fadf613d06699d6 • https://github.com/ben-sb/javascript-deobfuscator/security/advisories/GHSA-9p6p-8v9r-8c9m • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.1 • EPSS: 0% • CPEs: - • EXPL: 0

The Vanna library uses a prompt function to present the user with visualized results. It is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically, allowing external input to the library's "ask" method with "visualize" set to True (default behavior) leads to remote code execution. • https://research.jfrog.com/vulnerabilities/vanna-prompt-injection-rce-jfsa-2024-001034449 • CWE-94: Improper Control of Generation of Code ('Code Injection') •