CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 6CVE-2023-30145 – Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
https://notcve.org/view.php?id=CVE-2023-30145
26 May 2023 — Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. Camaleon CMS version 2.7.0 suffers from a server-side template injection vulnerability. • https://packetstorm.news/files/id/172593 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 2%CPEs: 1EXPL: 3CVE-2023-33440 – Faculty Evaluation System 1.0 - Unauthenticated File Upload
https://notcve.org/view.php?id=CVE-2023-33440
26 May 2023 — Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php? • https://packetstorm.news/files/id/172672 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44512 – Acrobat Reader | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2022-44512
25 May 2023 — Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-16.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44513 – Acrobat Reader | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2022-44513
25 May 2023 — Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-16.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44514 – Acrobat Reader | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2022-44514
25 May 2023 — Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-16.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44518 – Acrobat Reader | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2022-44518
25 May 2023 — Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-16.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44520 – Acrobat Reader | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2022-44520
25 May 2023 — Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-16.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 97%CPEs: 2EXPL: 17CVE-2023-33246 – Apache RocketMQ Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33246
24 May 2023 — For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent t... • https://packetstorm.news/files/id/173339 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2023-31873 – Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2023-31873
24 May 2023 — Gin Markdown Editor version 0.7.4 suffers from an arbitrary code execution vulnerability. • https://packetstorm.news/files/id/172530 •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-31874 – Yank Note v3.52.1 (Electron) - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2023-31874
24 May 2023 — Yank Note version 3.52.1 suffers from an arbitrary code execution vulnerability. • https://packetstorm.news/files/id/172535 • CWE-732: Incorrect Permission Assignment for Critical Resource •