CVE-2023-29018 – OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-29018
Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on `open-feature-operator-controller-manager` to escalate the privileges of any SA in the cluster. • https://github.com/open-feature/open-feature-operator/releases/tag/v0.2.32 https://github.com/open-feature/open-feature-operator/security/advisories/GHSA-cwf6-xj49-wp83 • CWE-269: Improper Privilege Management •
CVE-2023-2056 – DedeCMS module_main.php GetSystemFile code injection
https://notcve.org/view.php?id=CVE-2023-2056
The manipulation leads to code injection. ... Manipulation with unknown data can be used to exploit a code injection vulnerability. • https://gitee.com/ashe-king/cve/blob/master/dedecms%20rce2.md https://vuldb.com/?ctiid.225941 https://vuldb.com/?id.225941 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-47027
https://notcve.org/view.php?id=CVE-2022-47027
Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution. • https://corporate.timmystudios.com https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2022-47027/CVE%20detail.md https://play.google.com/store/apps/details?id=com.jb.gokeyboard.theme.timssfasttypingkeyboard • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-27748
https://notcve.org/view.php?id=CVE-2023-27748
This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution. • https://blackvue.com https://github.com/eyJhb/blackvue-cve-2022 https://github.com/eyJhb/blackvue-cve-2023 https://shop.blackvue.com/product/dr750-2ch-ir-lte • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2023-26388 – ZDI-CAN-20286: Adobe Substance 3D Stager USDZ File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-26388
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html • CWE-20: Improper Input Validation •