
CVSS: 10.0 • EPSS: 3% • CPEs: 2 • EXPL: 1

10 Apr 2023 — An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter. • https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27650/CVE%20detail.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 1

10 Apr 2023 — Processing maliciously crafted web content may lead to arbitrary code execution. ... This vulnerability allows attackers with network access to pass specially crafted web content files, causing Denial of Service or Arbitrary Code Execution. ... P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution. ... Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code... • https://github.com/ntfargo/uaf-2023-28205 • CWE-416: Use After Free •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Apr 2023 — The manipulation leads to code injection. ... By manipulating with unknown data, a code injection vulnerability can be exploited. • https://gitee.com/misak7in/cve/blob/master/taocms.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

07 Apr 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0. • http://www.openwall.com/lists/oss-security/2023/04/07/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Apr 2023 — codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php. • https://github.com/PGYER/codefever/issues/140 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Apr 2023 — Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). • https://addons.prestashop.com/fr/declinaisons-personnalisation/22677-personnalisation-de-produit-product-customize.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

06 Apr 2023 — Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go... • https://github.com/skulkarni-mv/goIssue_dunfell • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Apr 2023 — A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. • https://jvn.jp/en/jp/JVN79149117 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Apr 2023 — An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file. • https://github.com/liong007/Wondershare/issues/10 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-426: Untrusted Search Path •

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Apr 2023 — Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges). • https://acuant.com • CWE-427: Uncontrolled Search Path Element •