CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22277
https://notcve.org/view.php?id=CVE-2023-22277
03 Aug 2023 — By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. • https://jvn.jp/en/vu/JVNVU92877622 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22314
https://notcve.org/view.php?id=CVE-2023-22314
03 Aug 2023 — By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. • https://jvn.jp/en/vu/JVNVU92877622 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22317
https://notcve.org/view.php?id=CVE-2023-22317
03 Aug 2023 — By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. • https://jvn.jp/en/vu/JVNVU92877622 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21411 – Non-sanitized user input could lead to arbitrary code execution during Access Control configuration in AXIS License Plate Verifier
https://notcve.org/view.php?id=CVE-2023-21411
03 Aug 2023 — User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution. • https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21410 – Non-sanitized user input could lead to arbitrary code execution in AXIS License Plate Verifier
https://notcve.org/view.php?id=CVE-2023-21410
03 Aug 2023 — User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution. • https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38748
https://notcve.org/view.php?id=CVE-2023-38748
03 Aug 2023 — By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. • https://jvn.jp/en/vu/JVNVU93286117 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38747
https://notcve.org/view.php?id=CVE-2023-38747
03 Aug 2023 — By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. • https://jvn.jp/en/vu/JVNVU93286117 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38746
https://notcve.org/view.php?id=CVE-2023-38746
03 Aug 2023 — By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. • https://jvn.jp/en/vu/JVNVU93286117 • CWE-125: Out-of-bounds Read •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39157 – WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-39157
03 Aug 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10. • https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-10-authenticated-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4141 – WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-4141
03 Aug 2023 — The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is sti... • https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205 • CWE-94: Improper Control of Generation of Code ('Code Injection') •