
CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Mar 2022 — A successful exploitation may lead to arbitrary code execution. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44749 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Mar 2022 — Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. • https://github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8 • EPSS: 92% • CPEs: 13 • EXPL: 5

04 Mar 2022 — On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. • https://packetstorm.news/files/id/177855 •

CVSS: 9.8 • EPSS: 17% • CPEs: 5 • EXPL: 2

03 Mar 2022 — The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. • https://packetstorm.news/files/id/166599 • CWE-190: Integer Overflow or Wraparound •

CVSS: 10.0 • EPSS: 97% • CPEs: 16 • EXPL: 60

03 Mar 2022 — In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. ... Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. • https://packetstorm.news/files/id/166219 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Mar 2022 — seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. • https://blog.csdn.net/miuzzx/article/details/122249953 •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Mar 2022 — Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. • https://github.com/dolibarr/dolibarr/commit/2a48dd349e7de0d4a38e448b0d2ecbe25e968075 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 17 • EXPL: 1

02 Mar 2022 — It was discovered that the GNU C Library, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2021-3999 • CWE-193: Off-by-one Error •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Mar 2022 — AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php. • https://github.com/loadream/AyaCMS/issues/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 • EPSS: 1% • CPEs: 1 • EXPL: 3

01 Mar 2022 — Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. • https://github.com/MoritzHuppert/CVE-2022-25018 • CWE-94: Improper Control of Generation of Code ('Code Injection') •