CVE-2022-3713
https://notcve.org/view.php?id=CVE-2022-3713
A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-42699 – WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2022-42699
Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. The Easy WP SMTP plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.5.1 possibly via the 'admin_init' function (as part of the SMTP import/export functionality). This allows administrator-level attackers to execute code on the server. • https://patchstack.com/database/vulnerability/easy-wp-smtp/wordpress-easy-wp-smtp-plugin-1-5-1-auth-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-24441 – Code Injection
https://notcve.org/view.php?id=CVE-2022-24441
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. • https://github.com/snyk/snyk-eclipse-plugin/commit/b5a8bce25a359ced75f83a729fc6b2393fc9a495 https://github.com/snyk/snyk-intellij-plugin/commit/56682f4ba6081ce1d95cb980cbfacd3809a826f4 https://github.com/snyk/snyk-ls/commit/b3229f0142f782871aa72d1a7dcf417546d568ed https://github.com/snyk/snyk-visual-studio-plugin/commit/0b53dbbd4a3153c3ef9aaf797af3b5caad0f731a https://github.com/snyk/vscode-extension/commit/0db3b4240be0db6a0a5c6d02c0d4231a2c4ba708 https://security.snyk.io/vuln/SNYK-JS-SNYK-3111871 https://www.imperva.com/blog/how-scanning-your-projects- • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-41675 – TEAM JOHNLONG SOFTWARE CO., LTD. MAILD Mail Server - Formula Injection
https://notcve.org/view.php?id=CVE-2022-41675
When other users export form content as a CSV file, this can trigger arbitrary code execution and allow the attacker to perform arbitrary system operations or disrupt service on the user side. • https://www.twcert.org.tw/tw/cp-132-6738-b78f4-1.html • CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2021-24942 – Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution
https://notcve.org/view.php?id=CVE-2021-24942
The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. The Menu Item Visibility Control plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 0.5 via the 'visibility logic' option. This allows administrator-level attackers to execute code on the server. • https://wpscan.com/vulnerability/eaa28832-74c1-4cd5-9b0f-02338e23b418 • CWE-94: Improper Control of Generation of Code ('Code Injection')