
CVE-2022-26318 – WatchGuard Firebox and XTM Appliances Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-26318
04 Mar 2022 — On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. • https://packetstorm.news/files/id/177855 •

CVE-2022-24724 – Integer overflow in table parsing extension leads to heap memory corruption
https://notcve.org/view.php?id=CVE-2022-24724
03 Mar 2022 — The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. • https://packetstorm.news/files/id/166599 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-22947 – VMware Spring Cloud Gateway Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-22947
03 Mar 2022 — In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. ... Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. • https://packetstorm.news/files/id/166219 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVE-2022-23878
https://notcve.org/view.php?id=CVE-2022-23878
02 Mar 2022 — seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. • https://blog.csdn.net/miuzzx/article/details/122249953 •

CVE-2022-0819 – Code Injection in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0819
02 Mar 2022 — Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. • https://github.com/dolibarr/dolibarr/commit/2a48dd349e7de0d4a38e448b0d2ecbe25e968075 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2021-3999 – glibc: Off-by-one buffer overflow/underflow in getcwd()
https://notcve.org/view.php?id=CVE-2021-3999
02 Mar 2022 — It was discovered that the GNU C Library, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2021-3999 • CWE-193: Off-by-one Error •

CVE-2021-44238
https://notcve.org/view.php?id=CVE-2021-44238
01 Mar 2022 — AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php. • https://github.com/loadream/AyaCMS/issues/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-25018
https://notcve.org/view.php?id=CVE-2022-25018
01 Mar 2022 — Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. • https://github.com/MoritzHuppert/CVE-2022-25018 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2021-24962 – WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE
https://notcve.org/view.php?id=CVE-2021-24962
01 Mar 2022 — The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. • https://plugins.trac.wordpress.org/changeset/2677722 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2022-24442
https://notcve.org/view.php?id=CVE-2022-24442
25 Feb 2022 — JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. • https://github.com/mbadanoiu/CVE-2022-24442 • CWE-94: Improper Control of Generation of Code ('Code Injection') •