CVE-2022-36262
https://notcve.org/view.php?id=CVE-2022-36262
An issue was discovered in taocms 3.0.2 in the website settings that allows arbitrary PHP code to be injected by modifying config.php. • http://taocms.com https://github.com/taogogo/taocms https://github.com/taogogo/taocms/issues/34 https://github.com/taogogo/taocms/issues/34?by=xboy%28topsec%29 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-22630 – Apple macOS Remote Events Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22630
A remote user may cause an unexpected app termination or arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. • https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213255 https://support.apple.com/en-us/HT213256 • CWE-416: Use After Free •
CVE-2022-36006 – Authenticated remote code execution due to insecure deserialization (GHSL-2022-063)
https://notcve.org/view.php?id=CVE-2022-36006
Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This exists in all versions up to 2.4.1 and is fixed in 2.4.2. This vulnerability is specific to the Ruby on Rails Workbench application (“Workbench 1”). We do not believe any other Arvados components, including the TypeScript browser-based Workbench application (“Workbench 2”) or API Server, are vulnerable to this attack. • https://arvados.org/release-notes/2.4.2 https://dev.arvados.org/issues/19316 https://github.com/arvados/arvados/security/advisories/GHSA-8867-q4xf-cqgm • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •
CVE-2022-28634
https://notcve.org/view.php?id=CVE-2022-28634
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us •
CVE-2022-28635
https://notcve.org/view.php?id=CVE-2022-28635
A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us •