CVE-2023-25717 – Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
https://notcve.org/view.php?id=CVE-2023-25717
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.
References: https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf https://support.ruckuswireless.com/security_bulletins/315
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-22345
https://notcve.org/view.php?id=CVE-2023-22345
Having a user of Screen Creator Advance 2 open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
References: https://jvn.jp/en/vu/JVNVU98917488 https://www.electronics.jtekt.co.jp/en/topics/202302035233 https://www.electronics.jtekt.co.jp/jp/topics/2023020313454
CWE-787: Out-of-bounds Write
CVE-2023-22346
https://notcve.org/view.php?id=CVE-2023-22346
Having a user of Screen Creator Advance 2 open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
References: https://jvn.jp/en/vu/JVNVU98917488 https://www.electronics.jtekt.co.jp/en/topics/202302035233 https://www.electronics.jtekt.co.jp/jp/topics/2023020313454
CWE-125: Out-of-bounds Read
CVE-2023-0788 – Code Injection in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2023-0788
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References: https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039 https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-0792 – Code Injection in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2023-0792
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
References: https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1 https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f
CWE-94: Improper Control of Generation of Code ('Code Injection')