CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37659
https://notcve.org/view.php?id=CVE-2023-37659
11 Jul 2023 — xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE). • https://github.com/refraction-ray/xalpha/issues/175 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-27868 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-27868
08 Jul 2023 — IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249516 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-27867 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-27867
08 Jul 2023 — IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249514 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-27869 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-27869
08 Jul 2023 — IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249517 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3551 – Code Injection in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-3551
08 Jul 2023 — Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10. • https://github.com/nilsteampassnet/teampass/commit/cc6abc76aa46ed4a27736c1d2f21e432a5d54e6f • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-36992
https://notcve.org/view.php?id=CVE-2023-36992
07 Jul 2023 — PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. • https://bramdoessecurity.com/travianz-hacked • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-36859 – PiiGAB M-Bus Code Injection
https://notcve.org/view.php?id=CVE-2023-36859
06 Jul 2023 — PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-35934 – yt-dlp File Downloader cookie leak
https://notcve.org/view.php?id=CVE-2023-35934
06 Jul 2023 — Multiple vulnerabilities have been found in yt-dlp, the worst of which could result in arbitrary code execution. • https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.07.06.185519 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24497
https://notcve.org/view.php?id=CVE-2023-24497
06 Jul 2023 — A specially-crafted HTTP request can lead to arbitrary Javascript code injection. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24496
https://notcve.org/view.php?id=CVE-2023-24496
06 Jul 2023 — A specially-crafted HTTP request can lead to arbitrary Javascript code injection. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1704 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •