CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29963
https://notcve.org/view.php?id=CVE-2023-29963
05 May 2023 — S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. • https://github.com/superjock1988/debug/blob/main/s-cms_rce.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31414
https://notcve.org/view.php?id=CVE-2023-31414
04 May 2023 — Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. • https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31415
https://notcve.org/view.php?id=CVE-2023-31415
04 May 2023 — Kibana version 8.7.0 contains an arbitrary code execution flaw. • https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47757
https://notcve.org/view.php?id=CVE-2022-47757
04 May 2023 — Loading the library can lead to arbitrary code execution. • https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-ghf9-x3c5-3mwj • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23600 – Gentoo Linux Security Advisory 202305-06
https://notcve.org/view.php?id=CVE-2023-23600
03 May 2023 — Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1787034 •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32885 – webkitgtk: Memory corruption issue when processing web content
https://notcve.org/view.php?id=CVE-2022-32885
03 May 2023 — Processing maliciously crafted web content may lead to arbitrary code execution A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. ... P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution. ... Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code ex... • https://support.apple.com/en-us/HT213341 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1178
https://notcve.org/view.php?id=CVE-2023-1178
03 May 2023 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26546
https://notcve.org/view.php?id=CVE-2023-26546
02 May 2023 — European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission. • https://iuclid6.echa.europa.eu • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31486 – http-tiny: insecure TLS cert default
https://notcve.org/view.php?id=CVE-2023-31486
28 Apr 2023 — Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2023/04/29/1 • CWE-295: Improper Certificate Validation CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26782
https://notcve.org/view.php?id=CVE-2023-26782
28 Apr 2023 — An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. • https://github.com/chshcms/mccms/issues/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •