CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 3CVE-2022-43973 – Arbitrary code execution in Linksys WRT54GL
https://notcve.org/view.php?id=CVE-2022-43973
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. • https://youtu.be/73-1lhvJPNg https://youtu.be/RfWVYCUBNZ0 https://youtu.be/TeWAmZaKQ_w • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2482
https://notcve.org/view.php?id=CVE-2022-2482
A script placed in the appropriate place could allow for arbitrary code execution in the bootloader. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02 • CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0048 – Code Injection in lirantal/daloradius
https://notcve.org/view.php?id=CVE-2023-0048
Code Injection in GitHub repository lirantal/daloradius prior to master-branch. • https://github.com/lirantal/daloradius/commit/3650eea7277a5c278063214a5b71dbd7d77fc5aa https://huntr.dev/bounties/57abd666-4b9c-4f59-825d-1ec832153e79 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10009 – nterchange code_caller_controller.php getContent code injection
https://notcve.org/view.php?id=CVE-2015-10009
The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. ... Durch die Manipulation des Arguments q mit der Eingabe %5C%27%29;phpinfo%28%29;/* mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/nonfiction/nterchange_backend/commit/fba7d89176fba8fe289edd58835fe45080797d99 https://github.com/nonfiction/nterchange_backend/releases/tag/4.1.1 https://vuldb.com/?ctiid.217187 https://vuldb.com/?id.217187 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125026 – Out-of-bounds write in github.com/cloudflare/golz4
https://notcve.org/view.php?id=CVE-2014-125026
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input. • https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898 https://github.com/cloudflare/golz4/issues/5 https://pkg.go.dev/vuln/GO-2020-0022 • CWE-787: Out-of-bounds Write •