CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2655 – Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2655
The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting El plugin Classified Listing Pro de WordPress versiones anteriores a 2.0.20, no escapa de una URL generada antes de devolverla a un atributo en una página de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado The Classified Listing Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL in versions up to 2.0.20 due to insufficient input sanitization and output escaping on the URL being requested and reflected on the page. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/acc9675a-56f6-411a-9594-07144c2aad1b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-32893 – Apple iOS and macOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-32893
Processing maliciously crafted web content may lead to arbitrary code execution. ... This flaw allows an attacker with network access to pass specially crafted web content files, causing arbitrary code execution. • http://seclists.org/fulldisclosure/2022/Aug/16 http://seclists.org/fulldisclosure/2022/Oct/49 http://www.openwall.com/lists/oss-security/2022/08/25/5 http://www.openwall.com/lists/oss-security/2022/08/26/2 http://www.openwall.com/lists/oss-security/2022/08/29/1 http://www.openwall.com/lists/oss-security/2022/08/29/2 http://www.openwall.com/lists/oss-security/2022/09/02/10 http://www.openwall.com/lists/oss-security/2022/09/13/1 https://lis • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35976 – Improper KubeConfig handling allows arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-35976
A specially crafted kubeconfig leads to arbitrary code execution on behalf of the user running VSCode. ... Please note that the vulnerability is specific to this extension, and the same kubeconfig would not result in arbitrary code execution when used with kubectl. • https://github.com/weaveworks/vscode-gitops-tools/security/advisories/GHSA-287h-vjhw-jqf7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35975 – Improper object validation allows for arbitrary code execution in GitOps Tools Extension for VSCode
https://notcve.org/view.php?id=CVE-2022-35975
The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that are shared amongst other users are affected by this issue. The only safe mitigation is to update to the latest version of the extension. La extensión de GitOps Tools para VSCode puede facilitar la administración de objetos Flux. • https://github.com/weaveworks/vscode-gitops-tools/security/advisories/GHSA-873x-829r-gxcp • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2022-35516
https://notcve.org/view.php?id=CVE-2022-35516
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. Se ha detectado que DedeCMS versiones v5.7.93 - v5.7.96, contienen una vulnerabilidad de ejecución de código remota en el archivo login.php. • https://github.com/whitehatl/Vulnerability/blob/main/web/dedecms/5.7.93/Login.poc.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •