CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6702
https://notcve.org/view.php?id=CVE-2024-6702
12 Sep 2024 — Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. • https://support.pega.com/support-doc/pega-security-advisory-c24-vulnerability-remediation-note • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45851
https://notcve.org/view.php?id=CVE-2024-45851
12 Sep 2024 — An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. • https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45850
https://notcve.org/view.php?id=CVE-2024-45850
12 Sep 2024 — An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. • https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45849
https://notcve.org/view.php?id=CVE-2024-45849
12 Sep 2024 — An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. • https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45848
https://notcve.org/view.php?id=CVE-2024-45848
12 Sep 2024 — An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. • https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45847
https://notcve.org/view.php?id=CVE-2024-45847
12 Sep 2024 — An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. • https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45846
https://notcve.org/view.php?id=CVE-2024-45846
12 Sep 2024 — An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. • https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27321
https://notcve.org/view.php?id=CVE-2024-27321
12 Sep 2024 — An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. • https://hiddenlayer.com/sai-security-advisory/2024-09-autolabel • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27320
https://notcve.org/view.php?id=CVE-2024-27320
12 Sep 2024 — An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. • https://hiddenlayer.com/sai-security-advisory/2024-09-autolabel • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8639 – Debian Security Advisory 5768-1
https://notcve.org/view.php?id=CVE-2024-8639
11 Sep 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •