CVE-2023-39150
https://notcve.org/view.php?id=CVE-2023-39150
ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. • https://gist.github.com/dgl/081cf503dc635df39d844e058a6d4c88 https://github.com/Maximus5/ConEmu/commit/60683a186628ffaa7689fcb64b3c38ced69287c1 •
CVE-2023-4271 – Photospace Responsive <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-4271
The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psres_button_size’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • sfp_email=&sfph_mail=&reponame=&new=2966110%40photospace-responsive%2Ftrunk&old=2875667%40photospace-responsive%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-41990 – Apple Multiple Products Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41990
Processing a font file may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213599 https://support.apple.com/en-us/HT213601 https://support.apple.com/en-us/HT213605 https://support.apple.com/en-us/HT213606 https://support.apple.com/en-us/HT213842 https://support.apple.com/en-us/HT213844 https://support.apple.com/en-us/HT213845 •
CVE-2019-16471 – Use-After-Free in app.measureDialog - Tianfu Cup
https://notcve.org/view.php?id=CVE-2019-16471
Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb19-55.html • CWE-416: Use After Free •
CVE-2019-16470 – CoolType.dll crash - Tianfu Cup
https://notcve.org/view.php?id=CVE-2019-16470
Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb19-55.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •