CWE-94

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. (Incydr Professional and Enterprise are unaffected.)

MyBB before 1.8.29 allows Remote Code Injection by an admin with the “Can manage settings?” permission. The Admin CP’s Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type “php” with PHP code, executed on Change Settings pages.

iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability