CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-26748 – Apple Safari WebGL generateMipmap Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26748
17 May 2022 — Processing maliciously crafted web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213255 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-26751 – Apple macOS HEIC File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26751
17 May 2022 — Processing a maliciously crafted image may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213255 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-26775 – Apple Security Advisory 2022-05-16-4
https://notcve.org/view.php?id=CVE-2022-26775
17 May 2022 — An attacker may be able to cause unexpected application termination or arbitrary code execution. • https://support.apple.com/en-us/HT213255 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26776 – Apple Security Advisory 2022-05-16-2
https://notcve.org/view.php?id=CVE-2022-26776
17 May 2022 — An attacker may be able to cause unexpected application termination or arbitrary code execution. • https://support.apple.com/en-us/HT213256 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26708 – Apple Security Advisory 2022-05-16-2
https://notcve.org/view.php?id=CVE-2022-26708
17 May 2022 — An attacker may be able to cause unexpected application termination or arbitrary code execution. • https://support.apple.com/en-us/HT213257 •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2022-26711 – Apple macOS ImageIO WebP File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26711
17 May 2022 — A remote attacker may be able to cause unexpected application termination or arbitrary code execution. • https://support.apple.com/en-us/HT213253 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 32EXPL: 0CVE-2021-27446 – Weintek EasyWeb cMT Code Injection
https://notcve.org/view.php?id=CVE-2021-27446
16 May 2022 — The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. • https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0578 – Code Injection in publify/publify
https://notcve.org/view.php?id=CVE-2022-0578
16 May 2022 — Code Injection in GitHub repository publify/publify prior to 9.2.8. • https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2022-28818 – ColdFusion Reflected Cross-Site Scripting could lead to Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-28818
12 May 2022 — ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. ColdFusion versiones CF2021U3 (y anteriores) y CF2018U13 están afectadas por una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejado. Si un atacante es capaz de convencer a una víctima a visitar una... • https://helpx.adobe.com/security/products/coldfusion/apsb22-22.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 147EXPL: 0CVE-2021-26317
https://notcve.org/view.php?id=CVE-2021-26317
12 May 2022 — Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 •