CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48481
https://notcve.org/view.php?id=CVE-2022-48481
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-691: Insufficient Control Flow Management •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-45456
https://notcve.org/view.php?id=CVE-2022-45456
Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161. • https://security-advisory.acronis.com/advisories/SEC-4149 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2257
https://notcve.org/view.php?id=CVE-2023-2257
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" security feature. This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space. • https://devolutions.net/security/advisories/DEVO-2023-0011 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26388 – ZDI-CAN-20286: Adobe Substance 3D Stager USDZ File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-26388
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USDZ files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. • https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2023-22235 – Adobe InCopy SVG file Use After Free Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-22235
InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/incopy/apsb23-13.html • CWE-416: Use After Free •