2524 matches found

Cvelist · added 2024/07/26 8:13 p.m. · 35 views

CVE-2024-41115 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1_📷_Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code execution...

CVSS 9.8 · EPSS 0.01475
Exploits: 1 · References: 4
Cvelist · added 2024/07/26 8:10 p.m. · 26 views

CVE-2024-41114 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 430 in pages/1_📷_Timelapse.py takes user input, which is later used in the eval function on line 435, leading to remote code execution...

CVSS 9.8 · EPSS 0.01395
Exploits: 1 · References: 4
Cvelist · added 2024/07/26 8:01 p.m. · 31 views

CVE-2024-41112 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1_📷_Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...

CVSS 9.8 · EPSS 0.01395
Exploits: 1 · References: 4
CVE · added 2024/07/26 8:01 p.m. · 58 views

CVE-2024-41112

CVE-2024-41112 affects streamlit-geospatial. The palette variable in pages/1_📷_Timelapse.py accepts user input and is used in eval() at line 380, enabling remote code execution prior to commit c4f81d9616d40c60584e36abb15300853a66e489. The commit fixes this issue. NVD lists CVSS v3.1 base score 9....

CVSS 9.8 · AI score 9.8 · EPSS 0.01395
Exploits: 1 · References: 4 · Affected Software: 1
CNNVD · added 2024/07/26 12:00 a.m. · 3 views

streamlit-geospatial security vulnerability

streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A security vulnerability exists in streamlit-geospatial that originates in pages/1_📷_Timelapse.py: the vis_params variable accepts user input that is then used in the...

CVSS 9.8 · AI score 7.9 · EPSS 0.01395
Exploits: 1 · References: 6
CNNVD · added 2024/07/26 12:00 a.m. · 4 views

streamlit-geospatial security vulnerability

streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A security vulnerability exists in streamlit-geospatial that originates in pages/1_📷_Timelapse.py: the palette variable accepts user input that is then used in the eval...

CVSS 9.8 · AI score 7.9 · EPSS 0.01475
Exploits: 1 · References: 5
Positive Technologies · added 2024/07/26 12:00 a.m. · 4 views

PT-2024-29275 · Unknown · Streamlit-Geospatial

Name of the Vulnerable Software and Affected Versions: streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489. Description: The issue arises from the vis_params variable, which takes user input in the 8_🏜️_Raster_Data_Visualization.py file. This input is later used i...

CVSS 9.8 · AI score 8 · EPSS 0.01395
Exploits: 1 · References: 7
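The streamlit-geospatial entries above all describe one defect: a string typed into a widget (the palette or vis_params field) is handed straight to Python's eval(), so any expression the user types runs on the server. The block below is an added example, not code from streamlit-geospatial or from any of the advisories. It is a constructed stand-in for such a field (parse_palette_unsafe, parse_palette_safe, try_safe, SIDE_EFFECTS and the sample inputs are all hypothetical) that shows a payload executing through eval() while an ast.literal_eval parse followed by an allow-list check on the resulting values rejects the same input. The same pattern covers the langchain-experimental entry further down, where eval() is called on values read back from a database.

```python
"""Constructed demo of the eval-on-user-input pattern (hypothetical code,
not the streamlit-geospatial project's own): a palette string from the UI
is passed to eval(), then the same field is parsed safely."""
import ast
import re

# Sentinel that records side effects of the unsafe path, so the demo can
# show that attacker-supplied code really ran (constructed, not project code).
SIDE_EFFECTS: list[str] = []

# Shape the palette actually needs: #RRGGBB, leading '#' optional.
HEX_COLOR = re.compile(r"^#?[0-9A-Fa-f]{6}$")


def parse_palette_unsafe(user_text: str) -> list:
    """Vulnerable pattern described by the advisories: eval() over a
    user-controlled string. Any Python expression in user_text executes."""
    return eval(user_text)  # deliberately unsafe for the demonstration


def parse_palette_safe(user_text: str) -> list[str]:
    """Hardened replacement: ast.literal_eval builds only Python literals
    (no names, calls or attribute access), and every element is then
    checked against the colour format before it is accepted."""
    try:
        value = ast.literal_eval(user_text.strip())
    except (ValueError, SyntaxError, RecursionError) as exc:
        raise ValueError("palette must be a list/tuple literal of colour strings") from exc
    if not isinstance(value, (list, tuple)) or not value:
        raise ValueError("palette must be a non-empty list or tuple")
    palette = []
    for item in value:
        if not isinstance(item, str) or not HEX_COLOR.match(item):
            raise ValueError(f"not a #RRGGBB colour: {item!r}")
        palette.append("#" + item.lstrip("#").lower())
    return palette


def try_safe(user_text: str) -> str:
    """Return 'ok' or the rejection reason, to compare inputs side by side."""
    try:
        parse_palette_safe(user_text)
        return "ok"
    except ValueError as exc:
        return f"rejected: {exc}"


# Constructed inputs: a legitimate palette, and a payload in the shape the
# advisories describe (an expression that runs code and still yields a list,
# so the app keeps working and the victim sees nothing unusual).
LEGIT = "['#FF0000', '#00ff00', '#0000FF']"
PAYLOAD = "SIDE_EFFECTS.append('attacker code ran') or ['#000000']"


def demo() -> dict:
    """Run both parsers over both inputs and report what happened."""
    unsafe_result = parse_palette_unsafe(PAYLOAD)  # executes the payload
    return {
        "unsafe_returned_palette": unsafe_result,
        "unsafe_executed_payload": bool(SIDE_EFFECTS),
        "safe_legit": parse_palette_safe(LEGIT),
        "safe_payload": try_safe(PAYLOAD),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

The allow-list check matters as much as dropping eval(): ast.literal_eval stops code execution but still accepts any literal (nested containers, huge numbers, arbitrary strings), so the value must still be validated against what the downstream API expects. Where the field does not need Python syntax at all, a plain comma-separated list of colours parsed with split() and the same regex is simpler still.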
CVE · added 2024/07/22 2:18 p.m. · 40 views

CVE-2024-21552

CVE-2024-21552 – SuperAGI is affected by an Arbitrary Code Execution vulnerability due to unsafe use of the eval() function. The PT-2023-9274 document notes that all SuperAGI versions are vulnerable and that exploitation can allow a remote attacker to execute arbitrary code and take full control ...

CVSS 9.8 · AI score 9.8 · EPSS 0.00631
Exploits: 0 · References: 2
OSV · added 2024/07/19 3:02 p.m. · 5 views

CLSA-2024-1721401321 Fix CVE(s): CVE-2020-27619

SECURITY UPDATE: eval on content received via HTTP in test suite. debian/patches/CVE-2020-27619.patch: no longer call eval on content received via HTTP in the CJK codec tests (CVE-2020-27619)...

CVSS 9.8 · AI score 6.8 · EPSS 0.08235
Exploits: 0 · References: 1
Vulnrichment · added 2024/07/18 12:00 a.m. · 12 views

CVE-2024-39173

calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field...

AI score 8.8 · EPSS 0.00813
Exploits: 0 · References: 1
Positive Technologies · added 2024/07/18 12:00 a.m. · 8 views

PT-2024-28377 · Unknown · Calculator-Boilerplate

Name of the Vulnerable Software and Affected Versions: calculator-boilerplate version 1.0. Description: The issue is related to a remote code execution (RCE) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field. The...

CVSS 9.8 · AI score 8.3 · EPSS 0.00813
Exploits: 0 · References: 3
Cvelist · added 2024/07/18 12:00 a.m. · 34 views

CVE-2024-39173

calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field...

EPSS 0.00813
Exploits: 0 · References: 1
PyPA · added 2024/07/15 5:15 a.m. · 6 views

PYSEC-2024-62

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database: the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...

CVSS 8.5 · AI score 8.1 · EPSS 0.01864
Exploits: 1 · References: 4 · Affected Software: 1
CISA KEV Catalog · added 2024/07/15 12:00 a.m. · 44 views

OSGeo GeoServer GeoTools Eval Injection Vulnerability

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...

CVSS 9.8 · AI score 8.2 · EPSS 0.99813
In the wild · Exploits: 25
GithubExploit · added 2024/07/05 3:02 a.m. · 320 views

Exploit for Code Injection in Geoserver

GeoServer blind (no output echoed) remote code execution vulnerability CVE-2024-36401. options: -h, --help sho...

CVSS 9.8 · AI score 9.8 · EPSS 0.99813
Exploits: 25
Github Security Blog · added 2024/06/27 9:32 p.m. · 24 views

litellm vulnerable to remote code execution based on using eval unsafely

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the add_deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...

CVSS 9.8 · AI score 7.5 · EPSS 0.00875
Exploits: 0 · References: 5 · Affected Software: 1
RedHat Linux · added 2024/06/26 12:24 a.m. · 6 views

kernel: netfilter: nf_tables: disallow anonymous set with timeout flag

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag. Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work...

CVSS 5.5 · AI score 6.8 · EPSS 0.00257
Exploits: 0 · References: 5
Cvelist · added 2024/06/26 12:00 a.m. · 22 views

CVE-2024-39242

A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode())...

EPSS 0.00278
Exploits: 0 · References: 1
Positive Technologies · added 2024/06/26 12:00 a.m. · 4 views

PT-2024-28406 · Skycaiji · Skycaiji

Name of the Vulnerable Software and Affected Versions: skycaiji version 2.8. Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). This enables the execution of malicious code on the victim's...

CVSS 6.1 · AI score 6.4 · EPSS 0.00278
Exploits: 0 · References: 3
CVE · added 2024/06/26 12:00 a.m. · 61 views

CVE-2024-39242

CVE-2024-39242 is a reported cross-site scripting (XSS) vulnerability in skycaiji v2.8. The issue arises from a crafted payload that uses eval(String.fromCharCode()), enabling attackers to run arbitrary web scripts/HTML in a victim's browser. The CVSS 3.1 metrics indicate a Network attack vecto...

CVSS 6.1 · AI score 5.6 · EPSS 0.00278
Exploits: 0 · References: 1 · Affected Software: 1