
CVSS: 9.8 EPSS: 0% CPEs: 1 EXPL: 1

This affects all versions of package node-import. The "params" argument of the module function can be controlled by users without any sanitization. This is then provided to the "eval" function located in line 79 in the index file "index.js". • https://github.com/mahdaen/node-import/blob/master/index.js%23L79 https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691 •

CVSS: 7.2 EPSS: 0% CPEs: 1 EXPL: 1

The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. The WP-DBManager plugin for WordPress is vulnerable to remote code execution due to an incorrect capability check in the ~/database-backup.php file in versions up to, and including, 2.80.7. This makes it possible for high-level authenticated users, such as administrators, to run arbitrary commands on the affected server. This only affects multi-site installations where an administrator wouldn't have the capability to run arbitrary code. • https://wpscan.com/vulnerability/1c8c5861-ce87-4813-9e26-470d63c1903a • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-863: Incorrect Authorization •

CVSS: 9.9 EPSS: 9% CPEs: 1 EXPL: 2

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload. • https://github.com/neocotic/convert-svg/commit/7e6031ac7427cf82cf312cb4a25040f2e6efe7a5 https://github.com/neocotic/convert-svg/issues/81 https://github.com/neocotic/convert-svg/pull/82 https://security.snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2849633 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 EPSS: 0% CPEs: 21 EXPL: 0

Processing maliciously crafted web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213342 https://support.apple.com/en-us/HT213343 https://support.apple.com/en-us/HT213344 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 • CWE-787: Out-of-bounds Write •

CVSS: 8.8 EPSS: 0% CPEs: 5 EXPL: 0

Processing maliciously crafted web content may lead to arbitrary code execution. ... This issue occurs when processing maliciously crafted web content which may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213341 https://support.apple.com/en-us/HT213342 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 https://access.redhat.com/security/cve/CVE-2022-32792 https://bugzilla.redhat.com/show_bug.cgi?id=2238973 • CWE-787: Out-of-bounds Write •