CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2056 – DedeCMS module_main.php GetSystemFile code injection
https://notcve.org/view.php?id=CVE-2023-2056
The manipulation leads to code injection. ... Dank Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://gitee.com/ashe-king/cve/blob/master/dedecms%20rce2.md https://vuldb.com/?ctiid.225941 https://vuldb.com/?id.225941 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47027
https://notcve.org/view.php?id=CVE-2022-47027
Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution. • https://corporate.timmystudios.com https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2022-47027/CVE%20detail.md https://play.google.com/store/apps/details?id=com.jb.gokeyboard.theme.timssfasttypingkeyboard • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2CVE-2023-27748
https://notcve.org/view.php?id=CVE-2023-27748
This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution. • https://blackvue.com https://github.com/eyJhb/blackvue-cve-2022 https://github.com/eyJhb/blackvue-cve-2023 https://shop.blackvue.com/product/dr750-2ch-ir-lte • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26388 – ZDI-CAN-20286: Adobe Substance 3D Stager USDZ File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-26388
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-26405 – ZDI-CAN-20712: Object Prototype pollution which leads to API Restrictions Bypass
https://notcve.org/view.php?id=CVE-2023-26405
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-24.html • CWE-20: Improper Input Validation •