CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-7080 – Arbitrary remote code execution within wrangler dev Workers sandbox
https://notcve.org/view.php?id=CVE-2023-7080
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. • https://github.com/cloudflare/workers-sdk/issues/4430 https://github.com/cloudflare/workers-sdk/pull/4437 https://github.com/cloudflare/workers-sdk/pull/4535 https://github.com/cloudflare/workers-sdk/pull/4550 https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51420 – WordPress Verge3D Plugin <= 4.5.2 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-51420
Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. • https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46623 – WordPress WP EXtra Plugin <= 6.2 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-46623
Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2. • https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-2-remote-code-execution-rce-via-htaccess-modification-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7148 – ShifuML shifu Java Expression Language DataPurifier.java code injection
https://notcve.org/view.php?id=CVE-2023-7148
The manipulation of the argument FilterExpression leads to code injection. ... Dank Manipulation des Arguments FilterExpression mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://drive.google.com/file/d/1ST3dD-iwUBgBNZ8tGaBbqVi1zRh5rLND/view https://vuldb.com/?ctiid.249151 https://vuldb.com/?id.249151 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31296
https://notcve.org/view.php?id=CVE-2023-31296
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. Vulnerabilidad de inyección CSV en Sesami Cash Point & Transport Optimizer (CPTO) versión 6.3.8.6 (#718), permite a los atacantes obtener información confidencial a través del campo User Name. • https://herolab.usd.de/en/security-advisories/usd-2022-0054 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •