CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

24 May 2023 — Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. • https://github.com/mnqazi/CVE-2023-2859 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

23 May 2023 — SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacts versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. • https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 May 2023 — Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can log in to the client where the affected product is installed to inject arbitrary code while processing the product execution. • https://jvn.jp/en/jp/JVN01937209 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 36 • EXPL: 0

22 May 2023 — An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 • CWE-15: External Control of System or Configuration Setting •

CVSS: 7.8 • EPSS: 0% • CPEs: 60 • EXPL: 0

22 May 2023 — A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege. • https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability • CWE-787: Out-of-bounds Write •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 May 2023 — The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. The Slider Revolution plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in versions up to, and including, 6.6.12. This makes it possible for authenticated attackers with administrator-level access to upload arbitrary files on the affected site... • https://wpscan.com/vulnerability/a8350890-e6d4-4b04-a158-2b0ee3748e65 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.66. • https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-66-unrestricted-zip-extraction-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

20 May 2023 — An arbitrary code execution vulnerability was found in LuaTeX (TeX Live) that allows any document compiled with older versions of LuaTeX to execute arbitrary shell commands, even with shell escape disabled. • https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 May 2023 — A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. • https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81 • CWE-416: Use After Free •

CVSS: 9.0 • EPSS: 1% • CPEs: 9 • EXPL: 1

17 May 2023 — cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user-controlled, unsanitized values. As a result an attacker with netw... • https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection') •