Search Results (364967 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33553 1 Planet 2 Wdrt-1800ax, Wdrt-1800ax Firmware 2025-01-07 9.8 Critical
An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie.
CVE-2023-33282 1 Marvalglobal 1 Msm 2025-01-07 9.1 Critical
Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to endpoints in the application.
CVE-2023-31116 1 Samsung 4 Exynos 5123, Exynos 5123 Firmware, Exynos 5300 and 1 more 2025-01-07 9.8 Critical
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application.
CVE-2023-31115 1 Samsung 4 Exynos 5123, Exynos 5123 Firmware, Exynos 5300 and 1 more 2025-01-07 7.5 High
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application.
CVE-2023-31114 1 Samsung 4 Exynos 5123, Exynos 5123 Firmware, Exynos 5300 and 1 more 2025-01-07 9.1 Critical
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application.
CVE-2023-28739 1 Intel 1 Chipset Device Software 2025-01-07 6.7 Medium
Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-45073 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Websphere Application Server and 4 more 2025-01-07 4.8 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2017-9003 1 Hpe 1 Arubaos 2025-01-07 N/A
Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.
CVE-2024-56762 2025-01-07 7.0 High
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-56686 2025-01-07 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-49967 1 Redhat 1 Enterprise Linux 2025-01-07 7.1 High
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-34568 1 Tenda 2 Ac10, Ac10 Firmware 2025-01-06 6.7 Medium
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.
CVE-2023-34566 1 Tenda 2 Ac10, Ac10 Firmware 2025-01-06 9.8 Critical
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.
CVE-2023-33660 1 Emqx 1 Nanomq 2025-01-06 7.5 High
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.
CVE-2023-3140 1 Knime 1 Business Hub 2025-01-06 4.3 Medium
Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.
CVE-2023-1864 1 Fanuc 2 Roboguide Handlingpro, Roboguide Handlingpro Firmware 2025-01-06 6.8 Medium
FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software.
CVE-2023-33849 3 Hp, Ibm, Linux 5 Hp-ux, Aix, Cics Tx and 2 more 2025-01-06 3.7 Low
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.
CVE-2023-29152 1 Ptc 1 Vuforia Studio 2025-01-06 6.2 Medium
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.
CVE-2023-34961 1 Chamilo 1 Chamilo Lms 2025-01-06 6.1 Medium
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
CVE-2023-34959 1 Chamilo 1 Chamilo Lms 2025-01-06 5.3 Medium
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.