
CVE-2023-38204 – Bypass APSB23-41 (CVE-2023-38203) - Pre-Auth RCE ColdFusion 2021 Update 8
https://notcve.org/view.php?id=CVE-2023-38204
14 Sep 2023 — Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html • CWE-502: Deserialization of Untrusted Data •

CVE-2023-41892 – Craft CMS Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2023-41892
13 Sep 2023 — Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15. • https://github.com/acesoyeo/CVE-2023-41892 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-29305 – Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-29305
13 Sep 2023 — Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. • https://helpx.adobe.com/security/products/connect/apsb23-33.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-29306 – Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-29306
13 Sep 2023 — Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. • https://helpx.adobe.com/security/products/connect/apsb23-33.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-26369 – Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2023-26369
13 Sep 2023 — Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-34.html • CWE-787: Out-of-bounds Write •

CVE-2023-40728
https://notcve.org/view.php?id=CVE-2023-40728
12 Sep 2023 — This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition. • https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf • CWE-922: Insecure Storage of Sensitive Information •

CVE-2022-24093 – Adobe Commerce post-auth improper input validation leads to remote code execution
https://notcve.org/view.php?id=CVE-2022-24093
12 Sep 2023 — Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. • https://helpx.adobe.com/security/products/magento/apsb22-13.html • CWE-20: Improper Input Validation •

CVE-2023-3039
https://notcve.org/view.php?id=CVE-2023-3039
12 Sep 2023 — A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. • https://www.dell.com/support/kbdoc/en-us/000216282/dsa-2023-274 • CWE-284: Improper Access Control •

CVE-2023-40621 – Code Injection vulnerability in SAP PowerDesigner Client
https://notcve.org/view.php?id=CVE-2023-40621
12 Sep 2023 — SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default. • https://me.sap.com/notes/3357163 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-40624 – Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)
https://notcve.org/view.php?id=CVE-2023-40624
12 Sep 2023 — SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application. • https://me.sap.com/notes/3323163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •