CVE-2023-33234 – Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration
https://notcve.org/view.php?id=CVE-2023-33234
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows a user to change the xcom sidecar image and resources via an Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner. • https://lists.apache.org/thread/n1vpgl6h2qsdm52o9m2tx1oo86tl4gnq • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2023-32692 – Remote Code Execution Vulnerability in Validation Placeholders
https://notcve.org/view.php?id=CVE-2023-32692
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5. • https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-m6m8-6gq8-c9fj • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-47526
https://notcve.org/view.php?id=CVE-2022-47526
A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. • https://www.fox-it.com/nl-en/fox-crypto/fox-datadiode https://www.fox-it.com/nl-en/software-vulnerability-report • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-2928 – DedeCMS article_allowurl_edit.php code injection
https://notcve.org/view.php?id=CVE-2023-2928
The manipulation of the argument allurls leads to code injection. ... • https://github.com/CN016/DedeCMS-getshell-CVE-2023-2928- https://github.com/testwordpress123/cve/blob/main/dedecms.md https://vuldb.com/?ctiid.230083 https://vuldb.com/?id.230083 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-2943 – Code Injection in openemr/openemr
https://notcve.org/view.php?id=CVE-2023-2943
Code Injection in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9 https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9 • CWE-94: Improper Control of Generation of Code ('Code Injection') •