
CVSS: 4.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2023 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Menno Luitjes Foyer allows Code Injection. This issue affects Foyer: from n/a through 1.7.5. The Foyer – Digital Signage for WordPress plugin for WordPress is vulnerable to unauthorized con... • https://patchstack.com/database/vulnerability/foyer/wordpress-foyer-plugin-1-7-5-content-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE-285: Improper Authorization •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2023 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in ARI Soft ARI Stream Quiz allows Code Injection. This issue affects ARI Stream Quiz: from n/a through 1.3.2. The ARI Stream Quiz – WordPress Quizzes Builder plugin... • https://patchstack.com/database/vulnerability/ari-stream-quiz/wordpress-ari-stream-quiz-wordpress-quizzes-builder-plugin-1-2-32-content-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE-285: Improper Authorization •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Nov 2023 — A remote attacker could possibly use this issue to cause VLC to crash, resulting in a denial of service, or potential arbitrary code execution. • https://0xariana.github.io/blog/real_bugs/vlc/mms • CWE-787: Out-of-bounds Write •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files: from n/a through 1.0.1. • https://patchstack.com/database/vulnerability/rename-media-files/wordpress-rename-media-files-plugin-1-0-1-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

06 Nov 2023 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been p... • https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Nov 2023 — Multiple vulnerabilities have been discovered in OpenSC, the worst of which could lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2023/12/13/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Nov 2023 — Multiple vulnerabilities have been discovered in OpenSC, the worst of which could lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2023/12/13/2 • CWE-287: Improper Authentication •

CVSS: 4.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

06 Nov 2023 — Multiple vulnerabilities have been discovered in OpenSC, the worst of which could lead to arbitrary code execution. • https://access.redhat.com/errata/RHSA-2023:7879 • CWE-125: Out-of-bounds Read •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Nov 2023 — The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. • https://exchange.1e.com/product-packs/end-user-interaction • CWE-20: Improper Input Validation •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Nov 2023 — The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. • https://exchange.1e.com/product-packs/network • CWE-20: Improper Input Validation •