CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40871
https://notcve.org/view.php?id=CVE-2022-40871
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval. Dolibarr ERP & CRM versiones anteriores a 15.0.3 incluyéndola, es vulnerable a una inyección de Eval. Por defecto, cualquier administrador puede ser añadido a la página de instalación de dolibarr, y si es añadido con éxito, puede insertarse código malicioso en la base de datos y luego ejecutarlo por eval • https://github.com/youncyb/dolibarr-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32492
https://notcve.org/view.php?id=CVE-2022-32492
A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000202772 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32486
https://notcve.org/view.php?id=CVE-2022-32486
A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000202772 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42034
https://notcve.org/view.php?id=CVE-2022-42034
Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. • https://github.com/debug601/bug_report/blob/main/vendors/pushpam02/wedding-planner/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0951
https://notcve.org/view.php?id=CVE-2021-0951
In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code execution due to an integer overflow. • https://source.android.com/security/bulletin/2022-10-01 • CWE-190: Integer Overflow or Wraparound •