Search Results (366739 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-30352 1 Tenda 2 Cp3, Cp3 Firmware 2025-01-27 9.8 Critical
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed.
CVE-2023-30351 1 Tenda 2 Cp3, Cp3 Firmware 2025-01-27 7.5 High
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials.
CVE-2023-30194 1 Prestashop 1 Poststaticfooter 2025-01-27 9.8 Critical
Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook().
CVE-2023-29930 1 Genesys 1 Tftp Server 2025-01-27 8.8 High
An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page.
CVE-2023-32336 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-01-27 8.8 High
IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285.
CVE-2023-2614 1 Pimcore 1 Pimcore 2025-01-27 5.4 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-2615 1 Pimcore 1 Pimcore 2025-01-27 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-2616 1 Pimcore 1 Pimcore 2025-01-27 5.4 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-43543 1 Qualcomm 32 Qam8255p, Qam8255p Firmware, Qam8775p and 29 more 2025-01-27 6.7 Medium
Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object.
CVE-2023-2629 1 Pimcore 1 Customer Management Framework 2025-01-27 7.8 High
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
CVE-2023-2630 1 Pimcore 1 Pimcore 2025-01-27 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-43538 1 Qualcomm 274 Aqt1000, Aqt1000 Firmware, Ar8035 and 271 more 2025-01-27 9.3 Critical
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
CVE-2023-31907 1 Jerryscript 1 Jerryscript 2025-01-27 7.8 High
Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c.
CVE-2023-31555 1 Podofo Project 1 Podofo 2025-01-27 6.5 Medium
podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.
CVE-2023-2617 1 Opencv 1 Opencv 2025-01-27 5.3 Medium
A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.
CVE-2023-26126 1 M.static Project 1 M.static 2025-01-27 7.5 High
All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.
CVE-2023-1096 1 Netapp 1 Snapcenter 2025-01-27 9.8 Critical
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.
CVE-2022-36937 1 Facebook 1 Hhvm 2025-01-27 9.8 Critical
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected.
CVE-2023-43544 1 Qualcomm 54 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 51 more 2025-01-27 6.7 Medium
Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.
CVE-2023-43545 1 Qualcomm 56 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 53 more 2025-01-27 6.7 Medium
Memory corruption when more scan frequency list or channels are sent from the user space.