
CVE-2023-6691 – Code Injection vulnerability in Cambium ePMP Force 300-25
https://notcve.org/view.php?id=CVE-2023-6691
18 Dec 2023 — Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-32728 – Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin
https://notcve.org/view.php?id=CVE-2023-32728
18 Dec 2023 — The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in a possible remote code execution vulnerability. • https://support.zabbix.com/browse/ZBX-23858 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-6899 – rmountjoy92 DashMachine Config save_config code injection
https://notcve.org/view.php?id=CVE-2023-6899
17 Dec 2023 — The manipulation of the argument value_template leads to code injection. ... Manipulating the argument value_template with unknown data can be used to exploit a code injection vulnerability. • https://treasure-blarney-085.notion.site/DashMachine-Unauthorized-RCE-931a35a81af9448ebe9fb4cd904d4a0c • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-6886 – xnx3 wangmarket Role Management Page code injection
https://notcve.org/view.php?id=CVE-2023-6886
17 Dec 2023 — The manipulation leads to code injection. ... Manipulation with unknown data can be used to exploit a code injection vulnerability. • https://github.com/xnx3/wangmarket/issues/8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-6851 – kalcaddle KodExplorer ZIP Archive app.php unzipList code injection
https://notcve.org/view.php?id=CVE-2023-6851
16 Dec 2023 — The manipulation leads to code injection. ... Manipulation with unknown data can be used to exploit a code injection vulnerability. • https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-50723 – XWiki Platform remote code execution/programming rights with configuration section from any user account
https://notcve.org/view.php?id=CVE-2023-50723
15 Dec 2023 — XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by al... • https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2023-50721 – XWiki Platform RCE from account through SearchAdmin
https://notcve.org/view.php?id=CVE-2023-50721
15 Dec 2023 — XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page li... • https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2023-5512 – Improper Control of Generation of Code ('Code Injection') in GitLab
https://notcve.org/view.php?id=CVE-2023-5512
15 Dec 2023 — An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect representation in the UI. • https://gitlab.com/gitlab-org/gitlab/-/issues/427827 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-6051 – Improper Control of Generation of Code ('Code Injection') in GitLab
https://notcve.org/view.php?id=CVE-2023-6051
15 Dec 2023 — An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag. • https://gitlab.com/gitlab-org/gitlab/-/issues/431345 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-48390 – Multisuns EasyLog web+ - Command Injection
https://notcve.org/view.php?id=CVE-2023-48390
15 Dec 2023 — Multisuns EasyLog web+ has a code injection vulnerability. • https://www.twcert.org.tw/tw/cp-132-7605-2d86d-1.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •