CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34251 – Grav Server Side Template Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-34251
Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this issue. • https://github.com/getgrav/grav/blob/develop/system/src/Grav/Common/Twig/Extension/GravExtension.php#L174 https://github.com/getgrav/grav/commit/9d01140a63c77075ef09b26ef57cf186138151a5 https://github.com/getgrav/grav/security/advisories/GHSA-f9jf-4cp4-4fq5 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 658EXPL: 0CVE-2022-31646
https://notcve.org/view.php?id=CVE-2022-31646
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806 •
CVSS: 7.8EPSS: 0%CPEs: 658EXPL: 0CVE-2022-31645
https://notcve.org/view.php?id=CVE-2022-31645
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806 •
CVSS: 7.8EPSS: 0%CPEs: 658EXPL: 0CVE-2022-31644
https://notcve.org/view.php?id=CVE-2022-31644
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806 •
CVSS: 7.0EPSS: 0%CPEs: 610EXPL: 0CVE-2022-31642
https://notcve.org/view.php?id=CVE-2022-31642
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •