Total 263120 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-25292 1 Group-office 1 Group Office 2024-08-02 6.1 Medium
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.
CVE-2023-25363 2 Redhat, Webkitgtk 2 Enterprise Linux, Webkitgtk 2024-08-02 8.8 High
A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
CVE-2023-25409 1 Aten 2 Pe8108, Pe8108 Firmware 2024-08-02 8.1 High
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets.
CVE-2023-25306 1 Multimc 1 Multimc 2024-08-02 7.5 High
MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.
CVE-2023-25305 1 Polymc 1 Polymc 2024-08-02 7.1 High
PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.
CVE-2023-25216 1 Tenda 2 Ac5, Ac5 Firmware 2024-08-02 9.8 Critical
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
CVE-2023-25280 1 Dlink 2 Dir820la1, Dir820la1 Firmware 2024-08-02 9.8 Critical
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
CVE-2023-25367 1 Siglent 6 Sds1074x-e, Sds1074x-e Firmware, Sds1104x-e and 3 more 2024-08-02 9.8 Critical
Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server.
CVE-2023-25172 1 Discourse 1 Discourse 2024-08-02 4.4 Medium
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. The vulnerability is patched in version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches. As a workaround, enable and/or restore your site's CSP to the default one provided with Discourse.
CVE-2023-25266 1 Docmosis 1 Tornado 2024-08-02 8.8 High
An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code execution (RCE).
CVE-2023-25234 1 Tenda 2 Ac500, Ac500 Firmware 2024-08-02 9.8 Critical
Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.
CVE-2023-25289 1 Virtualreception 1 Digital Reciptie 2024-08-02 7.5 High
Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request.
CVE-2023-25314 1 Wwbn 1 Avideo 2024-08-02 6.1 Medium
Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user.
CVE-2023-25196 1 Apache 1 Fineract 2024-08-02 4.3 Medium
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components.   This issue affects Apache Fineract: from 1.4 through 1.8.2.
CVE-2023-25219 1 Tenda 2 Ac5, Ac5 Firmware 2024-08-02 9.8 Critical
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
CVE-2023-25341 2024-08-02 N/A
A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests.
CVE-2023-25261 1 Stimulsoft 2 Designer, Viewer 2024-08-02 9.8 Critical
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.
CVE-2023-25193 3 Fedoraproject, Harfbuzz Project, Redhat 8 Fedora, Harfbuzz, Enterprise Linux and 5 more 2024-08-02 7.5 High
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2023-25218 1 Tenda 2 Ac5, Ac5 Firmware 2024-08-02 9.8 Critical
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
CVE-2023-25431 1 Online Reviewer Management System Project 1 Online Reviewer Management System 2024-08-02 4.8 Medium
An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php.