
CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

This vulnerability allows a remote attacker with low privileges to exploit Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device. • https://cert.vde.com/en/advisories/VDE-2023-049 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8 • EPSS: 94% • CPEs: 1 • EXPL: 4

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. • https://github.com/Chocapikk/CVE-2023-6553 https://github.com/cc3305/CVE-2023-6553 https://github.com/kiddenta/CVE-2023-6553 https://github.com/motikan2010/CVE-2023-6553-PoC http://packetstormsecurity.com/files/176638/WordPress-Backup-Migration-1.3.7-Remote-Command-Execution.html https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118 https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38 https:/& • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. • https://www.kb.cert.org/vuls/id/811862 https://www.phoenix.com/security-notifications https://www.phoenix.com/security-notifications/cve-2023-5058 • CWE-20: Improper Input Validation •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Processing a file may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213940 •

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. • https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43301.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •