CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32626
https://notcve.org/view.php?id=CVE-2023-32626
18 Aug 2023 — Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. La vulnerabilidad de funcionalidad oculta en LAN-W300N/RS todas las versiones, y LAN-W300N/PR5 todas las versiones permite a un atacante no autenticado iniciar sesión en la consola de gestión determinada del producto y ejecutar comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU91630351 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40313 – Disable BeanShell Interpreter Remote Server Mode
https://notcve.org/view.php?id=CVE-2023-40313
17 Aug 2023 — A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. Un intérprete de BeanSh... • https://docs.opennms.com/horizon/32/releasenotes/changelog.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 2CVE-2023-37914 – Privilege escalation (PR)/RCE from account through Invitation subject/message
https://notcve.org/view.php?id=CVE-2023-37914
17 Aug 2023 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` ... • https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40252
https://notcve.org/view.php?id=CVE-2023-40252
17 Aug 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. • https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40606 – WordPress Kanban Boards for WordPress Plugin <= 2.5.21 is vulnerable to Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2023-40606
17 Aug 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. • https://patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40557 – WordPress Tabs & Accordion plugin <= 1.3.10 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-40557
17 Aug 2023 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in PickPlugins Tabs & Accordion allows Code Injection.This issue affects Tabs & Accordion: from n/a through 1.3.10. La neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en PickPlugins Tabs & Accordion permite la inyección de código. Este problema afecta a Tabs & Accordion: desde n/a hasta 1.3.10. The Tabs & Accordion plugin for WordPress is v... • https://patchstack.com/database/vulnerability/tabs/wordpress-tabs-accordion-plugin-1-3-8-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3169 – tagDiv Composer < 4.2 - Unauthenticated Stored XSS
https://notcve.org/view.php?id=CVE-2023-3169
17 Aug 2023 — The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. El complemento de WordPress tagDiv Composer anterior a 4.2, utilizado como complemento de los temas Newspaper y Newsmag de tagDiv, no tiene autorización en una ruta REST y no vali... • https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-20209
https://notcve.org/view.php?id=CVE-2023-20209
16 Aug 2023 — A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management ... • https://github.com/peter5he1by/CVE-2023-20209 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.9EPSS: 0%CPEs: 490EXPL: 0CVE-2023-28075
https://notcve.org/view.php?id=CVE-2023-28075
16 Aug 2023 — A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. • https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-38860
https://notcve.org/view.php?id=CVE-2023-38860
15 Aug 2023 — An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. Un problema en LangChain v.0.0.231 permite a un atacante remoto ejecutar código arbitrario a través del parámetro prompt. • https://github.com/hwchase17/langchain/issues/7641 • CWE-94: Improper Control of Generation of Code ('Code Injection') •