
CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 1

15 May 2023 — An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters. • https://github.com/Duke1410/CVE/blob/main/CVE-2023-29862 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 1

15 May 2023 — An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. • https://github.com/Duke1410/CVE/blob/main/CVE-2023-29861 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

12 May 2023 — And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. • https://github.com/aiven/aiven-extras/commit/8682ae01bec0791708bf25791786d776e2fb0250 • CWE-20: Improper Input Validation • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 9.0 • EPSS: 2% • CPEs: 1 • EXPL: 0

12 May 2023 — Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Mobile Security for Enterprise... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.0 • EPSS: 2% • CPEs: 1 • EXPL: 0

12 May 2023 — Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Mobile Security for Enterprise... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 May 2023 — An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. • https://craftcms.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 May 2023 — Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS co... • https://go.dev/cl/491615 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-176: Improper Handling of Unicode Encoding •

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 May 2023 — Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. A flaw was found in golang. Templates containing actions in unquoted HTML attributes (for example, "attr={{.}}") executed with empty input could result in output that has unexpected results when parsed due to HTML normalization rules. • https://go.dev/cl/491617 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-176: Improper Handling of Unicode Encoding •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 May 2023 — PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. • https://gist.github.com/Omoredream/43f60004665e9d9d8c71f7e976261387 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5 • EPSS: 0% • CPEs: 20 • EXPL: 0

10 May 2023 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. • https://selinc.com/support/security-notifications/external-reports • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •