
CVE-2023-7080 – Arbitrary remote code execution within wrangler dev Workers sandbox
https://notcve.org/view.php?id=CVE-2023-7080
29 Dec 2023 — The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. • https://github.com/cloudflare/workers-sdk/issues/4430 • CWE-269: Improper Privilege Management •

CVE-2023-51420 – WordPress Verge3D Plugin <= 4.5.2 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-51420
29 Dec 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. • https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-46623 – WordPress WP EXtra Plugin <= 6.2 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-46623
29 Dec 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra. This issue affects WP EXtra: from n/a through 6.2. • https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-2-remote-code-execution-rce-via-htaccess-modification-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-7148 – ShifuML shifu Java Expression Language DataPurifier.java code injection
https://notcve.org/view.php?id=CVE-2023-7148
29 Dec 2023 — The manipulation of the argument FilterExpression leads to code injection. ... By manipulating the argument FilterExpression with unknown data, a code injection vulnerability can be exploited. • https://drive.google.com/file/d/1ST3dD-iwUBgBNZ8tGaBbqVi1zRh5rLND/view • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-31296
https://notcve.org/view.php?id=CVE-2023-31296
29 Dec 2023 — CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows attackers to obtain sensitive information via the User Name field. • https://herolab.usd.de/en/security-advisories/usd-2022-0054 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVE-2023-39333 – nodejs: code injection via WebAssembly export names
https://notcve.org/view.php?id=CVE-2023-39333
28 Dec 2023 — Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, much as if the WebAssembly module were a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. • https://nodejs.org/en/blog/vulnerability/october-2023-security-releases • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-46987
https://notcve.org/view.php?id=CVE-2023-46987
28 Dec 2023 — SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. • http://seacms.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-43481
https://notcve.org/view.php?id=CVE-2023-43481
27 Dec 2023 — An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component. • https://github.com/actuator/com.tcl.browser • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-43955
https://notcve.org/view.php?id=CVE-2023-43955
27 Dec 2023 — The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData. • https://github.com/actuator/com.phlox.tvwebbrowser • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-47883
https://notcve.org/view.php?id=CVE-2023-47883
27 Dec 2023 — The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. • https://github.com/actuator/com.altamirano.fabricio.tvbrowser • CWE-94: Improper Control of Generation of Code ('Code Injection') •