
CVE-2023-49000
https://notcve.org/view.php?id=CVE-2023-49000
27 Dec 2023 — An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. • https://github.com/actuator/com.artis.browser/blob/main/CWE-94.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-49001
https://notcve.org/view.php?id=CVE-2023-49001
27 Dec 2023 — An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. • https://github.com/actuator/com.gurry.kvbrowser/blob/main/CWE-94.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-51467 – Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2023-51467
26 Dec 2023 — The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code. The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). • https://github.com/AhmedMansour93/Event-ID-217-Rule-Name-SOC254-Apache-OFBiz-Auth-Bypass-and-Code-Injection-0Day-CVE-2023-51467- • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2023-51700 – WP-Mobile-BankID-Integration WordPress Database Deserialization: Potential for Object Injection
https://notcve.org/view.php?id=CVE-2023-51700
26 Dec 2023 — This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. • https://github.com/jamieblomerus/WP-Mobile-BankID-Integration/commit/8251c6298a995ccf4f26c43f03ed11a275dd0c5f • CWE-502: Deserialization of Untrusted Data •

CVE-2023-7101 – Spreadsheet::ParseExcel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-7101
24 Dec 2023 — Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. ... • http://www.openwall.com/lists/oss-security/2023/12/29/4 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2023-51387 – Expression Injection Vulnerability in Hertzbeat
https://notcve.org/view.php?id=CVE-2023-51387
22 Dec 2023 — Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be simple expressions. However, due to improper sanitization of alert expressions in versions prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on the hertzbeat server. A malicious user who has access to the alert define function can execute any command in the hertzbeat instance. • https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-49391
https://notcve.org/view.php?id=CVE-2023-49391
22 Dec 2023 — An issue discovered in free5GC version 3.3.0 allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on the AMF component via a crafted NGAP message. • https://github.com/free5gc/free5gc/issues/497 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-51015
https://notcve.org/view.php?id=CVE-2023-51015
22 Dec 2023 — TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the 'enable' parameter of the setDmzCfg interface of cstecgi.cgi. • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setDmzCfg • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-51026
https://notcve.org/view.php?id=CVE-2023-51026
22 Dec 2023 — TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'hour' parameter of the setRebootScheCfg interface of cstecgi.cgi. • https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setRebootScheCfg-hour • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-49004
https://notcve.org/view.php?id=CVE-2023-49004
19 Dec 2023 — An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. • https://github.com/ef4tless/vuln/blob/master/iot/DIR-850L/bug1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •