Search Results (366043 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4523 1 Rtautomation 6 460 Series Firmware, 460etcmm, 460mcbms and 3 more 2025-01-16 9.4 Critical
Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm.
CVE-2023-2306 1 Qognify 1 Nicevision 2025-01-16 10 Critical
Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records.
CVE-2023-4215 1 Advantech 1 Webaccess 2025-01-16 6.5 Medium
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
CVE-2023-34437 1 Bakerhughes 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware 2025-01-16 7.5 High
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device.
CVE-2023-36857 1 Bakerhughes 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware 2025-01-16 5.4 Medium
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.
CVE-2023-5059 1 Santesoft 1 Fft Imaging 2025-01-16 7.8 High
Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2023-39431 1 Santesoft 1 Dicom Viewer Pro 2025-01-16 7.8 High
Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2023-35986 1 Santesoft 1 Dicom Viewer Pro 2025-01-16 7.8 High
Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2023-38584 1 Weintek 14 Cmt-fhd, Cmt-fhd Firmware, Cmt-hdm and 11 more 2025-01-16 9.8 Critical
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
CVE-2023-40145 1 Weintek 14 Cmt-fhd, Cmt-fhd Firmware, Cmt-hdm and 11 more 2025-01-16 8.8 High
In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
CVE-2023-43492 1 Weintek 14 Cmt-fhd, Cmt-fhd Firmware, Cmt-hdm and 11 more 2025-01-16 9.8 Critical
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
CVE-2023-42769 1 Sielco 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more 2025-01-16 9.8 Critical
The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.
CVE-2023-45317 1 Sielco 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more 2025-01-16 8.8 High
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
CVE-2023-45228 1 Sielco 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more 2025-01-16 6.5 Medium
The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.
CVE-2023-41966 1 Sielco 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more 2025-01-16 6.5 Medium
The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.
CVE-2023-0897 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 8.8 High
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
CVE-2023-5754 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 9.1 Critical
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
CVE-2023-46661 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 9.8 Critical
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
CVE-2023-46662 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 7.5 High
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
CVE-2023-46663 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 7.5 High
Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.