CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-30349
https://notcve.org/view.php?id=CVE-2023-30349
27 Apr 2023 — JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. • https://github.com/jflyfox/jfinal_cms/issues/54 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42335 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-42335
25 Apr 2023 — Multiple vulnerabilities have been found in Xen, the worst of which can lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2023/04/25/1 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-30404
https://notcve.org/view.php?id=CVE-2023-30404
25 Apr 2023 — Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request. • http://aigital.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-30626 – Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-30626
24 Apr 2023 — When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. • https://github.com/jellyfin/jellyfin-web/security/advisories/GHSA-89hp-h43h-r5pq • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 4%CPEs: 3EXPL: 1CVE-2023-29566
https://notcve.org/view.php?id=CVE-2023-29566
24 Apr 2023 — huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. • https://github.com/omnitaint/Vulnerability-Reports/blob/ec3645003c7f8996459b5b24c722474adc2d599f/reports/dawnsparks-node-tesseract/report.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2259 – Improper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.io
https://notcve.org/view.php?id=CVE-2023-2259
24 Apr 2023 — Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. • https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26060
https://notcve.org/view.php?id=CVE-2023-26060
24 Apr 2023 — An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. • https://nokia.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25505
https://notcve.org/view.php?id=CVE-2023-25505
22 Apr 2023 — NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. • https://nvidia.custhelp.com/app/answers/detail/a_id/5458 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0209
https://notcve.org/view.php?id=CVE-2023-0209
22 Apr 2023 — NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass. • https://nvidia.custhelp.com/app/answers/detail/a_id/5458 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36963 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2022-36963
21 Apr 2023 — The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteExternalProgram method. The issue results from the lack of proper vali... • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') •