CVSS: 7.8EPSS: 6%CPEs: 16EXPL: 0CVE-2022-34229 – Adobe Acrobat Reader DC AcroForm rect Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-34229
13 Jul 2022 — Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-32.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 9%CPEs: 4EXPL: 0CVE-2022-34243 – Adobe Photoshop U3D File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-34243
13 Jul 2022 — Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb22-35.html • CWE-416: Use After Free •
CVSS: 8.0EPSS: 0%CPEs: 57EXPL: 0CVE-2022-34663
https://notcve.org/view.php?id=CVE-2022-34663
12 Jul 2022 — Affected devices are vulnerable to a web-based code injection attack via the console. • https://cert-portal.siemens.com/productcert/pdf/ssa-840800.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2022-34821
https://notcve.org/view.php?id=CVE-2022-34821
12 Jul 2022 — A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2), SCALANCE M874-2 (All versions < V7.... • https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31135 – Maliciously crafted evidence packet may cause denial of service
https://notcve.org/view.php?id=CVE-2022-31135
07 Jul 2022 — Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. ... Akashi es una implementación de servidor de código abierto del videojuego Attorney Online basado en el universo de Ace Attorney. • https://github.com/AttorneyOnline/akashi/commit/5566cdfedddef1f219aee33477d9c9690bf2f78b • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 6%CPEs: 3EXPL: 5CVE-2022-33980 – Apache Commons Configuration insecure interpolation defaults
https://notcve.org/view.php?id=CVE-2022-33980
06 Jul 2022 — Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. • https://github.com/HKirito/CVE-2022-33980 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2268 – WP All Import < 3.6.8 - Admin+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2022-2268
01 Jul 2022 — The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE El plugin Import any XML or CSV File to de WordPress versiones anteriores a 3.6.8, acepta todos los archivos zip y extrae automáticamente el archivo zip sin validar el tipo de archivo extraído. Permitiendo a usuarios con altos privilegios, como ... • https://wpscan.com/vulnerability/578093db-a025-4148-8c4b-ec2df31743f7 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2073 – Code Injection in getgrav/grav
https://notcve.org/view.php?id=CVE-2022-2073
29 Jun 2022 — Code Injection in GitHub repository getgrav/grav prior to 1.7.34. • https://github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40553
https://notcve.org/view.php?id=CVE-2021-40553
28 Jun 2022 — piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. piwigo versión 11.5.0, está afectado por una vulnerabilidad de ejecución de código remota (RCE) en el Editor de Archivos Locales • https://github.com/Yang9999999/vuln/blob/main/README.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40607 – Gentoo Linux Security Advisory 202408-21
https://notcve.org/view.php?id=CVE-2021-40607
28 Jun 2022 — La función schm_box_size de GPAC versión 1.0.1, permite a atacantes causar una denegación de servicio por medio de un archivo diseñado en el comando MP4Box Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/1879 • CWE-770: Allocation of Resources Without Limits or Throttling •