CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47924 – Arbitrary Code Execution using the validate function of csaf-validator-lib
https://notcve.org/view.php?id=CVE-2022-47924
27 Mar 2023 — An high privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0 wich can result in arbitrary code execution and DoS once the users triggers the validation. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0004.json • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25908 – Adobe Photoshop SVG file Use After Free Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-25908
27 Mar 2023 — Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb23-23.html • CWE-416: Use After Free •
CVSS: 4.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-22249 – Adobe Commerce Stored XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-22249
27 Mar 2023 — Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. • https://helpx.adobe.com/security/products/magento/apsb23-17.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24835 – Softnext SPAM SQR - Code Injection
https://notcve.org/view.php?id=CVE-2023-24835
27 Mar 2023 — Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. • https://www.twcert.org.tw/tw/cp-132-6955-c7612-1.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 1CVE-2023-25261
https://notcve.org/view.php?id=CVE-2023-25261
27 Mar 2023 — Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report. • https://github.com/trustcves/CVE-2023-25261 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38745 – Apache OpenOffice: Empty entry in Java class path
https://notcve.org/view.php?id=CVE-2022-38745
24 Mar 2023 — When an empty Java class path entry is configured, LibreOffice will search for Java classes in the current working directory, allowing malicious Java classes to load when opening a document using the file manager, resulting in arbitrary code execution. • https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21020
https://notcve.org/view.php?id=CVE-2023-21020
24 Mar 2023 — In registerSignalHandlers of main.c, there is a possible local arbitrary code execution due to a use after free. • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1289 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-1289
23 Mar 2023 — An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. • https://bugzilla.redhat.com/show_bug.cgi?id=2176858 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-28333 – Moodle: pix helper potential mustache code injection risk
https://notcve.org/view.php?id=CVE-2023-28333
23 Mar 2023 — The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). • https://bugzilla.redhat.com/show_bug.cgi?id=2179422 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30037
https://notcve.org/view.php?id=CVE-2022-30037
23 Mar 2023 — XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php. • https://weltolk.github.io/p/xunruicms-v4.3.3-to-v4.5.1-backstage-code-injection-vulnerabilityfile-write-and-file-inclusion • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •