CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2354 – WP-DBManager < 2.80.8 - Admin+ Remote Command Execution
https://notcve.org/view.php?id=CVE-2022-2354
25 Jul 2022 — The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. El plugin WP-DBManager de WordPress versiones anteriores a 2.80.8, no evita que administradores ejecuten comandos arbitrarios en el servidor en instalaciones multisitio, donde sólo deberían hacerlo los superadministradores. The WP-DBManager plugin for WordPress is vulnerable to remote code execution due to an incorre... • https://wpscan.com/vulnerability/1c8c5861-ce87-4813-9e26-470d63c1903a • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 2CVE-2022-25759 – Remote Code Injection
https://notcve.org/view.php?id=CVE-2022-25759
22 Jul 2022 — The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload. • https://github.com/neocotic/convert-svg/commit/7e6031ac7427cf82cf312cb4a25040f2e6efe7a5 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32802 – macOS RawCamera Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2022-32802
22 Jul 2022 — Processing a maliciously crafted file may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213342 •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 2CVE-2022-25812 – Transposh WordPress Translation < 1.0.8 - Admin+ RCE
https://notcve.org/view.php?id=CVE-2022-25812
22 Jul 2022 — The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE El plugin Transposh WordPress Translation de WordPress versiones anteriores a 1.0.8, no comprueba su configuración de depuración, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo un RCE. The Transposh WordPress Translation plugin for WordPress is vulnerable to remote code execution in ... • https://packetstorm.news/files/id/167887 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 1%CPEs: 21EXPL: 0CVE-2022-32839 – Apple Security Advisory 2022-07-20-6
https://notcve.org/view.php?id=CVE-2022-32839
22 Jul 2022 — A remote user may cause an unexpected app termination or arbitrary code execution. • https://support.apple.com/en-us/HT213340 •
CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 0CVE-2022-32787 – Apple Security Advisory 2022-07-20-6
https://notcve.org/view.php?id=CVE-2022-32787
22 Jul 2022 — Processing maliciously crafted web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213340 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 46%CPEs: 1EXPL: 1CVE-2022-2314 – VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call
https://notcve.org/view.php?id=CVE-2022-2314
22 Jul 2022 — The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site. El plugin VR Calendar WordPress a través de la versión 2.3.2 permite a cualquier usuario ejecutar funciones PHP arbitrarias en el sitio The VR Calendar plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.2.2 via the handleCommands() function that accepts user supplied input via the 'vrc_cmd' parameter that is passed to call_user_func(). This allows unauthentic... • https://wpscan.com/vulnerability/b22fe77c-844e-4c24-8023-014441cc1e82 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32792 – webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-32792
22 Jul 2022 — Processing maliciously crafted web content may lead to arbitrary code execution. ... This issue occurs when processing maliciously crafted web content which may lead to arbitrary code execution. iOS 15.6 and iPadOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities. • https://support.apple.com/en-us/HT213340 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 16%CPEs: 31EXPL: 0CVE-2022-2294 – WebRTC Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-2294
22 Jul 2022 — If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. • http://www.openwall.com/lists/oss-security/2022/07/28/2 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 1CVE-2022-33967 – Ubuntu Security Notice USN-5764-1
https://notcve.org/view.php?id=CVE-2022-33967
20 Jul 2022 — Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU97846460/index.html • CWE-787: Out-of-bounds Write •