
CVE-2023-4142 – WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-4142
03 Aug 2023 — The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator has previously granted access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files. Please note that this means remote code execution is still possible for si... • https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-3401 – Improper Control of Generation of Code ('Code Injection') in GitLab
https://notcve.org/view.php?id=CVE-2023-3401
02 Aug 2023 — An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code. • https://gitlab.com/gitlab-org/gitlab/-/issues/416252 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-36255 – Eramba 3.19.1 Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-36255
01 Aug 2023 — An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL. Eramba version 3.19.1 suffers from a remote command execution vulnerability. • https://packetstorm.news/files/id/173888 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-34644
https://notcve.org/view.php?id=CVE-2023-34644
31 Jul 2023 — Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via a crafted POST request to /cgi-bin/luci/api/auth. • https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-34842
https://notcve.org/view.php?id=CVE-2023-34842
31 Jul 2023 — Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via a crafted POST request to /dede/tpl.php. • http://dedecms.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-34634 – GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2023-34634
31 Jul 2023 — Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened. • https://packetstorm.news/files/id/173825 •

CVE-2023-36542 – Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources
https://notcve.org/view.php?id=CVE-2023-36542
29 Jul 2023 — Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the ne... • http://seclists.org/fulldisclosure/2023/Jul/43 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-38599 – webkitgtk: track sensitive user information
https://notcve.org/view.php?id=CVE-2023-38599
28 Jul 2023 — Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2023/08/02/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-38592 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-38592
28 Jul 2023 — Processing web content may lead to arbitrary code execution. ... This issue occurs when processing malicious web content, which may lead to arbitrary code execution. ... Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2023/08/02/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2023-39023
https://notcve.org/view.php?id=CVE-2023-39023
28 Jul 2023 — university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. • https://github.com/LetianYuan/My-CVE-Public-References/tree/main/org_compass-project_compass • CWE-94: Improper Control of Generation of Code ('Code Injection') •