Search Results (363604 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34738 1 Chemex 1 Chemex 2024-11-27 9.8 Critical
Chemex through 3.7.1 is vulnerable to arbitrary file upload.
CVE-2022-46395 1 Arm 4 Avalon Gpu Kernel Driver, Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more 2024-11-27 8.8 High
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.
CVE-2023-24734 1 Sigb 1 Pmb 2024-11-27 9.8 Critical
An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file.
CVE-2023-25304 1 Prismlauncher 1 Prism Launcher 2024-11-27 7.8 High
An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importing a crafted .mrpack file.
CVE-2023-34843 1 Traggo 1 Traggo 2024-11-27 7.5 High
Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.
CVE-2022-27665 1 Progress 1 Ws Ftp Server 2024-11-27 6.1 Medium
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
CVE-2023-32623 1 2inc 1 Snow Monkey Forms 2024-11-27 9.1 Critical
Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server.
CVE-2023-26134 1 Git-commit-info Project 1 Git-commit-info 2024-11-27 9.8 Critical
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content.
CVE-2023-36475 1 Parseplatform 1 Parse-server 2024-11-27 9.8 Critical
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.
CVE-2020-26708 1 Requests-xml Project 1 Requests-xml 2024-11-27 7.5 High
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.
CVE-2023-28473 1 Concretecms 1 Concrete Cms 2024-11-27 3.3 Low
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.
CVE-2020-26709 1 Py-xml Project 1 Py-xml 2024-11-27 7.5 High
py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.
CVE-2020-26710 1 Easy-parse Project 1 Easy-parse 2024-11-27 7.5 High
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.
CVE-2022-44719 1 Ucopia 3 Weblib, Wireless Appliance, Wireless Appliance Firmware 2024-11-27 7.5 High
An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions.
CVE-2022-44720 1 Ucopia 3 Weblib, Wireless Appliance, Wireless Appliance Firmware 2024-11-27 9.8 Critical
An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot.
CVE-2023-38403 7 Apple, Debian, Es and 4 more 12 Macos, Debian Linux, Iperf3 and 9 more 2024-11-27 7.5 High
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
CVE-2022-46407 1 Ericsson 1 Network Manager 2024-11-27 4.8 Medium
Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability
CVE-2022-46408 1 Ericsson 1 Network Manager 2024-11-27 6.8 Medium
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability.
CVE-2023-26085 1 Arm 1 Nn Android Neural Networks Driver 2024-11-27 7.8 High
A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.
CVE-2022-40896 2 Pygments, Redhat 4 Pygments, Ansible Automation Platform, Satellite and 1 more 2024-11-27 5.5 Medium
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.