Improper Control of Generation of Code ('Code Injection')CWE-94
| CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
|---|---|---|---|---|---|
CVE-2023-44853\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file. | CVSS 4.8 | Cobham | - | - |  |
CVE-2023-44847An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. | CVSS 7.2 | Seacms | Exploit | - |  |
CVE-2023-44846An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. | CVSS 8.8 | Seacms | Exploit | - |  |
CVE-2023-44392Garden provides automation for Kubernetes development and testing. Prior tov ersions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the Kubernetes `ConfigMap` resources prefixed with `test-result` and `run-result` to cache Garden test and run results. These `ConfigMaps` are stored either in the `garden-system` namespace or the configured user namespace. When a user invokes the command `garden test` or `garden run` objects stored in the `ConfigMap` are retrieved and deserialized. This can be used by an attacker with access to the Kubernetes cluster to store malicious objects in the `ConfigMap`, which can trigger a remote code execution on the users machine when cryo deserializes the object. In order to exploit this vulnerability, an attacker must have access to the Kubernetes cluster used to deploy garden remote environments. Further, a user must actively invoke either a `garden test` or `garden run` which has previously cached results. The issue has been patched in Garden versions `0.13.17` (Bonsai) and `0.12.65` (Acorn). Only Garden versions prior to these are vulnerable. No known workarounds are available. | CVSS 9 | Garden | - | Patched |  |
CVE-2023-44382An authenticated backend user with the editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safe_mode being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone who trusts their users with those permissions to usually write and manage PHP within the CMS by not having cms.safe_mode enabled. Still, it would be a problem for anyone relying on cms.safe_mode to ensure that users with those permissions in production do not have access to write and execute arbitrary PHP. | CVSS 9.1 | Octobercms | - | Patched |  |
CVE-2023-44381An authenticated backend user with the editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safe_mode being enabled can craft a special request to include PHP code in the CMS template. This is not a problem for anyone who trusts their users with those permissions to usually write & manage PHP within the CMS by not having cms.safe_mode enabled. Still, it would be a problem for anyone relying on cms.safe_mode to ensure that users with those permissions in production do not have access to write and execute arbitrary PHP. | CVSS 4.9 | Octobercms | - | Patched |  |
CVE-2023-44141Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. | CVSS 7.8 | Inkdrop | - | - |  |
CVE-2023-44011An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. | CVSS 9.8 | Mojoportal | Exploit | - |  |
CVE-2023-43955The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData. | CVSS 9.8 | Fedirtsapana | Exploit | - |  |
CVE-2023-43792baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available. | CVSS 9.8 | Basercms | - | Patched |  |
CVE-2023-43661Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue. | CVSS 8.8 | All-three | Exploit | Patched |  |
CVE-2023-43651JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 9.9 | Fit2cloud | Exploit | Patched |  |
CVE-2023-43625A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. | CVSS 9.8 | Siemens | - | Patched |  |
CVE-2023-43481An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component. | CVSS 9.8 | Tcl | Exploit | - |  |
CVE-2023-43449An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component. | CVSS 8.8 | Hummerrisk | Exploit | - |  |
CVE-2023-43364An issue in Arjun Sharda's Searchor before version v.2.4.2 allows an attacker to
execute arbitrary code via a crafted script to the eval() function in Searchor's src/searchor/main.py file, affecting the search feature in Searchor's CLI (Command Line Interface). | CVSS 9.8 | Arjunsharda | Exploit | Patched |  |
CVE-2023-43352An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. | CVSS 7.8 | Cmsmadesimple | Exploit | - |  |
CVE-2023-43301An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | CVSS 8.2 | Linecorp | Exploit | - |  |
CVE-2023-43270dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. | CVSS 9.8 | Dst-admin project | Exploit | - |  |
CVE-2023-43234DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | CVSS 9.8 | Dedebiz | - | - |  |
CVE-2023-43222SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | CVSS 9.8 | Seacms | Exploit | - |  |
CVE-2023-43115In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). | CVSS 9.8 | Fedoraproject, et al | Exploit | Patched |  |
CVE-2023-4300The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. | CVSS 7.2 | Mooveagency | Exploit | - |  |
CVE-2023-4291Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.
| CVSS 9.8 | Frauscher | - | - |  |
CVE-2023-42890The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. | CVSS 8.8 | Apple | - | Patched |  |
CVE-2023-42833A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. | CVSS 8.8 | Apple | - | Patched |  |
CVE-2023-42658
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. | CVSS 7.8 | Chef | - | Patched |  |
CVE-2023-42374An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. | CVSS 9.8 | Mystenlabs | - | Patched |  |
CVE-2023-41984The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | CVSS 7.8 | Apple | - | Patched |  |
CVE-2023-41898Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`. | CVSS 7.8 | Home-assistant | - | Patched |  |
CVE-2023-41892Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15. | CVSS 9.8 | Craftcms | Exploit | Patched |  |
CVE-2023-41783There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
| CVSS 7.8 | Zte | - | Patched |  |
CVE-2023-41724A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. | CVSS 8.8 | Ivanti | - | Patched |  |
CVE-2023-41630eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component. | CVSS 9.8 | Esst | Exploit | - |  |
CVE-2023-41544SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. | CVSS 9.8 | Jeecg | Exploit | Patched |  |
CVE-2023-41503Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function. | CVSS 9.8 | - | - |  | |
CVE-2023-41450An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | CVSS 8.8 | Php kobo | Exploit | - |  |
CVE-2023-41444An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. | CVSS 7.8 | Binalyze | Exploit | - |  |
CVE-2023-4142The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution. | CVSS 8 | Smackcoders | - | Patched |  |
CVE-2023-4141The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution. | CVSS 8 | Smackcoders | - | Patched |  |
CVE-2023-41362MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP. | CVSS 7.2 | Mybb | Exploit | Patched |  |
CVE-2023-41319Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox can be bypassed to execute any arbitrary code. The vulnerability allows the execution of arbitrary code on the target system within the context of the webserver python process owner on the webserver container, which by default is `root`, and leverage that access to attack underlying infrastructure and integrated systems. This vulnerability affects Fides versions `2.11.0` through `2.19.0`. Exploitation is limited to API clients with the `CONNECTOR_TEMPLATE_REGISTER` authorization scope. In the Fides Admin UI this scope is restricted to highly privileged users, specifically root users and users with the owner role. Exploitation is only possible if the security configuration parameter `allow_custom_connector_functions` is enabled by the user deploying the Fides webserver container, either in `fides.toml` or by setting the env var `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS=True`. By default this configuration parameter is disabled. The vulnerability has been patched in Fides version `2.19.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. Users unable to upgrade should ensure that `allow_custom_connector_functions` in `fides.toml` and the `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS` are both either unset or explicit set to `False`. | CVSS HIGH | Ethyca | - | Patched |  |
CVE-2023-41179A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.
Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | CVSS 7.2 | Trendmicro | Exploit | Patched |  |
CVE-2023-41005An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php | CVSS 7.8 | Pagekit | Exploit | Patched |  |
CVE-2023-40828An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. | CVSS 7.5 | Pf4j project | - | Patched |  |
CVE-2023-40827An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. | CVSS 7.5 | Pf4j project | Exploit | Patched |  |
CVE-2023-40826An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. | CVSS 7.5 | Pf4j project | Exploit | Patched |  |
CVE-2023-40809OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. | CVSS 6.1 | Opencrx | Exploit | Patched |  |
CVE-2023-40621SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default. | CVSS HIGH | - | - |  | |
CVE-2023-40606Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.
| CVSS 9.1 | Kanbanwp | - | - |  |
CVE-2023-40313A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | CVSS 8.8 | Opennms | - | Patched |  |
CVE-2023-40252Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
| CVSS 9.8 | Genians | - | Patched |  |
CVE-2023-40221** UNSUPPPORTED WHEN ASSIGNED **
The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter MAIL_RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed.
| CVSS 8.8 | Socomec | - | - |  |
CVE-2023-40177XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is present since version 4.3M2 when AppWithinMinutes Application added support for the Content field, allowing any wiki page (including the user profile page) to use its content as an AWM Content field, which has a custom displayer that executes the content with the rights of the ``AppWithinMinutes.Content`` author, rather than the rights of the content author. The vulnerability has been fixed in XWiki 14.10.5 and 15.1RC1. The fix is in the content of the AppWithinMinutes.Content page that defines the custom displayer. By using the ``display`` script service to render the content we make sure that the proper author is used for access rights checks. | CVSS 8.8 | Xwiki | - | Patched |  |
CVE-2023-40050Upload profile either
through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec
check command with maliciously crafted profile allows remote code execution.
| CVSS 8.8 | Chef | - | Patched |  |
CVE-2023-39956Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron. | CVSS HIGH | - | Patched |  | |
CVE-2023-39685An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string. | CVSS 7.5 | Exploit | Patched |  | |
CVE-2023-39681Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload. | CVSS 9.8 | Cuppacms | Exploit | - |  |
CVE-2023-39662An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. | CVSS 9.8 | Exploit | Patched |  | |
CVE-2023-39661An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. | CVSS 9.8 | Gabrieleventuri | Exploit | Patched |  |
CVE-2023-39660An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. | CVSS 9.8 | Gabrieleventuri | Exploit | Patched |  |
CVE-2023-39631An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. | CVSS 9.8 | Langchain | Exploit | Patched |  |
CVE-2023-39593Insecure permissions in the sys_exec function of Oracle MYSQL MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. | CVSS 5.6 | Mariadb | - | Patched |  |
CVE-2023-39469This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability.<br/>The specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.<br/> PaperCut has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/">https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/</a> <br/></td> | CVSS Low | Papercut | Exploit | - |  |
CVE-2023-39445Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. | CVSS 8.8 | Elecom | - | Patched |  |
CVE-2023-39333Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.
This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. | CVSS 5.3 | Netapp | - | Patched |  |
CVE-2023-39323Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex. | CVSS 9.8 | Fedoraproject, et al | - | Patched |  |
CVE-2023-39320The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software. | CVSS 9.8 | Golang | Exploit | Patched |  |
CVE-2023-39157Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.
| CVSS 9 | Crocoblock | - | - |  |
CVE-2023-39059An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. | CVSS 8.8 | Ansible-semaphore | Exploit | Patched |  |
CVE-2023-39023university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument. | CVSS 9.8 | Exploit | - |  | |
CVE-2023-39022oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument. | CVSS 9.8 | Exploit | Patched |  | |
CVE-2023-39021wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument. | CVSS 9.8 | Wix | Exploit | Patched |  |
CVE-2023-39020stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument. | CVSS 9.8 | Stanford | Exploit | - |  |
CVE-2023-39018FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. | CVSS 9.8 | Bramp | Exploit | Patched |  |
CVE-2023-39017** DISPUTED ** quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur. | CVSS 9.8 | Softwareag | Exploit | Patched |  |
CVE-2023-39016bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument. | CVSS 9.8 | Bbossgroups | Exploit | - |  |
CVE-2023-39015webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader. | CVSS 9.8 | Code4craft | Exploit | Patched |  |
CVE-2023-39013Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. | CVSS 9.8 | Larsga | Exploit | Patched |  |
CVE-2023-39010BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file. | CVSS 9.8 | Boofcv | Exploit | Patched |  |
CVE-2023-38943ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. | CVSS 8.8 | Shuize 0x727 project | Exploit | - |  |
CVE-2023-38896An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. | CVSS 9.8 | Langchain | Exploit | Patched |  |
CVE-2023-38889An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String). | CVSS 9.8 | Alluxio | Exploit | Patched |  |
CVE-2023-38886An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. | CVSS 7.2 | Dolibarr | Exploit | Patched |  |
CVE-2023-38877A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords. | CVSS 8.8 | Economizzer | Exploit | Patched |  |
CVE-2023-38860An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. | CVSS 9.8 | Langchain | Exploit | Patched |  |
CVE-2023-38576Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. | CVSS 8 | Elecom | - | Patched |  |
CVE-2023-38408The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | CVSS 9.8 | Fedoraproject, et al | Exploit | Patched |  |
CVE-2023-38198acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. | CVSS 9.8 | Acme.sh project | Exploit | - |  |
CVE-2023-37914XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability. | CVSS 8.8 | Xwiki | Exploit | Patched |  |
CVE-2023-37909XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed. | CVSS 8.8 | Xwiki | Exploit | Patched |  |
CVE-2023-37659xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE). | CVSS 9.8 | Exploit | Patched |  | |
CVE-2023-37582The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1.
When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as.
It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.
| CVSS 9.8 | Apache | Exploit | Patched |  |
CVE-2023-37565Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. | CVSS 8 | - | Patched |  | |
CVE-2023-37518HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user.
| CVSS 8.8 | Hcltech | - | Patched |  |
CVE-2023-37470Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validateuntil`. Those who use H2 as a file-based database should migrate to SQLite. | CVSS 9.8 | Metabase | - | Patched |  |
CVE-2023-37466vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code. Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. | CVSS 9.8 | Vm2 project | Exploit | Patched |  |
CVE-2023-37450The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | CVSS 8.8 | Apple, et al | Exploit | Patched |  |
CVE-2023-37427A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | CVSS 7.2 | Arubanetworks | - | Patched |  |
CVE-2023-37424A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | CVSS 8.1 | Arubanetworks | - | Patched |  |