
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Oct 2023 — In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. • https://basercms.net/security/JVN_45547161 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Oct 2023 — In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. • https://source.android.com/docs/security/bulletin/android-14 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

30 Oct 2023 — Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. • https://forum.inkdrop.app/t/inkdrop-desktop-v5-6-0/4211 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

30 Oct 2023 — /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. • https://github.com/asylumdx/Crater-CVE-2023-46865-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

30 Oct 2023 — tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data. • https://github.com/servo/servo/issues/25498#issuecomment-703527082 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

30 Oct 2023 — The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited; they cannot be specified arbitrarily. • https://github.com/codeb0ss/CVE-2023-5843-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

29 Oct 2023 — When the isula load command is used to load malicious images, attackers can execute arbitrary code. • https://gitee.com/src-openeuler/iSulad/pulls/600/files • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-665: Improper Initialization •

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

29 Oct 2023 — When malicious images are pulled by isula pull, attackers can execute arbitrary code. • https://gitee.com/src-openeuler/iSulad/pulls/600/files • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-665: Improper Initialization •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Oct 2023 — Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-824: Access of Uninitialized Pointer •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Oct 2023 — An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-125: Out-of-bounds Read •