
CVSS: 8.0 | EPSS: 0% | CPEs: 58 | EXPL: 0

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. • https://helpx.adobe.com/security/products/magento/apsb23-50.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.3 | EPSS: 0% | CPEs: 15 | EXPL: 0

In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()` or `path.evaluateTruthy()` internal Babel methods. • https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82 https://github.com/babel/babel/pull/16033 https://github.com/babel/babel/releases/tag/v7.23.2 https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4 https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92 https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html https://www.debian.org/security/2023/dsa-5528 • CWE-184: Incomplete List of Disallowed Inputs CWE-697: Incorrect Comparison •

CVSS: 9.0 | EPSS: 0% | CPEs: 3 | EXPL: 1

A specially crafted network packet can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1735 https://www.softether.org/9-about/News/904-SEVPN202301 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

Templates do not properly consider backticks (`) as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary JavaScript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. • https://support.zabbix.com/browse/ZBX-23388 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension: from n/a through 2.0.3. • https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •