
CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Sep 2023 — The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psres_button_size’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_ht... • https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Sep 2023 — ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. • https://gist.github.com/dgl/081cf503dc635df39d844e058a6d4c88 •

CVSS: 8.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

11 Sep 2023 — Processing a font file may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213599 •

CVSS: 7.8 • EPSS: 1% • CPEs: 10 • EXPL: 0

11 Sep 2023 — Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb19-55.html • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 6% • CPEs: 10 • EXPL: 0

11 Sep 2023 — Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb19-55.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 10.0 • EPSS: 2% • CPEs: 1 • EXPL: 3

11 Sep 2023 — The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs. • https://github.com/actuator/imou • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 3

11 Sep 2023 — The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions). • https://github.com/actuator/wave.ai.browser • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 Sep 2023 — The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software. • https://github.com/ayrustogaru/cve-2023-39320 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 4

07 Sep 2023 — Processing a maliciously crafted image may lead to arbitrary code execution. • https://github.com/alsaeroth/CVE-2023-41064-POC • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

07 Sep 2023 — A maliciously crafted attachment may result in arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Sep/4 • CWE-20: Improper Input Validation •