CVE-2023-6045 – Arkruntime has a type confusion vulnerability
https://notcve.org/view.php?id=CVE-2023-6045
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-48192
https://notcve.org/view.php?id=CVE-2023-48192
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. Un problema en TOTOlink A3700R v.9.1.2u.6134_B20201202 permite a un atacante local ejecutar código arbitrario a través de la función setTracerouteCfg. • http://totolink.com https://github.com/zxsssd/TotoLink- https://www.totolink.net • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-40809
https://notcve.org/view.php?id=CVE-2023-40809
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Search Criteria-Activity Number. • https://www.esecforte.com/cve-2023-40809-html-injection-search • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-6188 – GetSimpleCMS theme-edit.php code injection
https://notcve.org/view.php?id=CVE-2023-6188
The manipulation leads to code injection. ... Mittels Manipulieren mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1358 https://vuldb.com/?ctiid.245735 https://vuldb.com/?id.245735 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-44351 – Adobe ColdFusion RCE Security Vulnerability
https://notcve.org/view.php?id=CVE-2023-44351
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html • CWE-502: Deserialization of Untrusted Data •