CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-25095 – Duplicator < 1.3.0 - Unauthenticated RCE
https://notcve.org/view.php?id=CVE-2018-25095
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server. El complemento Duplicator de WordPress anterior a 1.3.0 no escapa correctamente de los valores cuando su script de instalación reemplaza los valores en los archivos de configuración de WordPress. Si este script de instalación se deja en el sitio después de su uso, podría usarse para ejecutar código arbitrario en el servidor. The Duplicator – WordPress Migration & Backup Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to 1.3.0 (exclusive) via the/installer.php file. • https://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50710 – Hono's named path parameters can be overridden in TrieRouter
https://notcve.org/view.php?id=CVE-2023-50710
Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. Version 3.11.7 includes the change to fix this issue. • https://github.com/honojs/hono/commit/8e2b6b08518998783f66d31db4f21b1b1eecc4c8 https://github.com/honojs/hono/releases/tag/v3.11.7 https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48639 – Adobe Substance 3D Designer 13.0.2 build 6942 Vulnerability I
https://notcve.org/view.php?id=CVE-2023-48639
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48633 – ZDI-CAN-22173: Adobe After Effects AEP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-48633
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/after_effects/apsb23-75.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48634 – ZDI-CAN-22175: Adobe After Effects AEP File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-48634
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/after_effects/apsb23-75.html • CWE-20: Improper Input Validation •