
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection. This issue affects Responsive Slick Slider WordPress: from n/a through 1.4. The Responsive Slick Slider WordPress plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary content. • https://patchstack.com/database/vulnerability/responsive-slick-slider/wordpress-responsive-slick-slider-wordpress-plugin-1-4-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. • https://devolutions.net/security/advisories/DEVO-2023-0021 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

Unsafe YAML deserialization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. • https://github.com/iterative/PyDrive2/commit/c57355dc2033ad90b7050d681b2c3ba548ff0004 https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYR5SJKOFSSXFV3E3D2SLXBUBA5WMJJG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K34YWTDKBAYWZPOAKBYDM72WIFL5CAYW • CWE-502: Deserialization of Untrusted Data

CVSS: 9.8 • EPSS: 82% • CPEs: 1 • EXPL: 4

Pre-auth RCE in Apache OFBiz 18.12.09. It is caused by the no-longer-maintained XML-RPC component still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10. Apache OFBiz version 18.12.09 suffers from a pre-authentication remote code execution vulnerability. • https://github.com/UserConnecting/Exploit-CVE-2023-49070-and-CVE-2023-51467-Apache-OFBiz https://github.com/0xrobiul/CVE-2023-49070 https://github.com/Praison001/Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467 https://github.com/abdoghazy2015/ofbiz-CVE-2023-49070-RCE-POC http://packetstormsecurity.com/files/176323/Apache-OFBiz-18.12.09-Remote-Code-Execution.html https://issues.apache.org/jira/browse/OFBIZ-12812 https://lists.apache.org/thread/jmbqk2lp4t4483whzndp5xqlq4f3otg3 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro: from n/a through 4.3.1. • https://patchstack.com/database/vulnerability/astra-addon/wordpress-astra-pro-plugin-4-3-1-contributor-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection')