Search Results (363502 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-49462 1 Struktur 1 Libheif 2024-11-26 8.8 High
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
CVE-2023-50444 1 Primx 3 Zed\!, Zedmail, Zonecentral 2024-11-26 7.5 High
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
CVE-2023-41621 1 Emlog 1 Emlog 2024-11-26 6.1 Medium
A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php.
CVE-2023-41618 1 Emlog 1 Emlog 2024-11-26 6.1 Medium
Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft.
CVE-2023-47321 1 Silverpeas 1 Silverpeas 2024-11-26 4.9 Medium
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.
CVE-2023-47327 1 Silverpeas 1 Silverpeas 2024-11-26 4.3 Medium
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL.
CVE-2023-50565 1 Rpcms 1 Rpcms 2024-11-26 5.4 Medium
A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-50101 1 Jfinalcms Project 1 Jfinalcms 2024-11-26 5.4 Medium
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
CVE-2023-50089 1 Netgear 2 Wnr2000, Wnr2000 Firmware 2024-11-26 9.8 Critical
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.
CVE-2018-0391 1 Cisco 2 Prime Collaboration, Prime Collaboration Provisioning 2024-11-26 N/A
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvd86586.
CVE-2023-49706 1 Linotp 2 Linotp, Virtual Appliance 2024-11-26 6.8 Medium
Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal.
CVE-2023-50989 1 Tenda 2 I29, I29 Firmware 2024-11-26 9.8 Critical
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.
CVE-2022-43675 1 Nokia 1 Network Functions Manager For Transport 2024-11-26 6.1 Medium
An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters.
CVE-2023-36486 1 Ilias 1 Ilias 2024-11-26 7.2 High
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
CVE-2023-51097 1 Tenda 2 W9, W9 Firmware 2024-11-26 9.8 Critical
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing.
CVE-2023-46919 1 Fedirtsapana 2 Simple Http Server, Simple Http Server Plus 2024-11-26 6.3 Medium
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it decrypt the TLS secret.
CVE-2018-0397 2 Apple, Cisco 2 Mac Os X, Advanced Malware Protection For Endpoints 2024-11-26 N/A
A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts to connect to the affected system. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition. Cisco Bug IDs: CSCvk08192.
CVE-2018-0406 1 Cisco 1 Web Security Appliance 2024-11-26 N/A
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve84006.
CVE-2018-0407 1 Cisco 56 Sf300-08, Sf300-08 Firmware, Sf300-24 and 53 more 2024-11-26 N/A
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87326.
CVE-2023-49228 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-26 6.4 Medium
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.