CVSS: 8.8EPSS: 33%CPEs: 2EXPL: 3CVE-2022-43769 – Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
https://notcve.org/view.php?id=CVE-2022-43769
03 Apr 2023 — Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is vulnerable to an authentication bypass (CVE-2022-43939) and a Server Side Template Injection (SSTI) vulnerability (CVE-2022-43769) that can be chained together to achieve unauthenticate... • https://packetstorm.news/files/id/171712 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 1CVE-2023-26119
https://notcve.org/view.php?id=CVE-2023-26119
03 Apr 2023 — Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. • https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-1196 – Advanced Custom Fields - Contributor+ PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-1196
03 Apr 2023 — The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. The Advanced Custom Fields plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.0.7 via deserialization of untrusted input in custom field values. This makes it possible for authenticated attackers, with... • https://wpscan.com/vulnerability/cf376ca2-92f6-44ff-929a-ace809460a33 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-1773 – Rockoa Configuration File webmainConfig.php code injection
https://notcve.org/view.php?id=CVE-2023-1773
31 Mar 2023 — The manipulation leads to code injection. ... Durch Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/CTF-Archives/xinhu-v2.3.2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-25076 – Debian Security Advisory 5413-1
https://notcve.org/view.php?id=CVE-2023-25076
30 Mar 2023 — A specially crafted HTTP or TLS packet can lead to arbitrary code execution. ... Due to bad handling of wildcard backend hosts, a crafted HTTP or TLS packet might lead to remote arbitrary code execution. • https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-28731 – Unauthenticated RCE affecting the AcyMailing plugin for Joomla
https://notcve.org/view.php?id=CVE-2023-28731
30 Mar 2023 — AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. ... • https://www.acymailing.com/change-log • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 1CVE-2023-27537 – Gentoo Linux Security Advisory 202310-12
https://notcve.org/view.php?id=CVE-2023-27537
30 Mar 2023 — Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. • https://hackerone.com/reports/1897203 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44370 – Gentoo Linux Security Advisory 202312-09
https://notcve.org/view.php?id=CVE-2022-44370
29 Mar 2023 — NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856 Multiple vulnerabilities have been discovered in NASM, the worst of which could lead to arbitrary code execution. • https://bugzilla.nasm.us/show_bug.cgi?id=3392815 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25904 – Adobe Dimension Out-of-bounds Read USDZ file Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-25904
28 Mar 2023 — Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/dimension/apsb23-20.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25903 – Adobe Dimension USDZ files Integer Overflow or Wraparound Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-25903
28 Mar 2023 — Adobe Dimension versions 3.4.7 (and earlier) is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/dimension/apsb23-20.html • CWE-190: Integer Overflow or Wraparound •