Search Results (120836 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-0357 1 Helpy.io 1 Helpy 2025-02-13 6.1 Medium
Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.
CVE-2023-0325 1 Uvdesk 1 Community-skeleton 2025-02-13 6.1 Medium
Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.
CVE-2023-0265 1 Uvdesk 1 Community-skeleton 2025-02-13 8.8 High
Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
CVE-2020-23258 1 Jsish 1 Jsish 2025-02-13 7.5 High
An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.
CVE-2020-22533 1 Easycorp 1 Zentao 2025-02-13 6.1 Medium
Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter
CVE-2020-21060 1 Phpmywind 1 Phpmywind 2025-02-13 8.8 High
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page.
CVE-2020-19277 1 Mm-wiki Project 1 Mm-wiki 2025-02-13 5.4 Medium
Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor.
CVE-2023-4572 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 8.8 High
Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-45239 3 Facebook, Fedoraproject, Meta 3 Tac Plus, Fedora, Tac Plus 2025-02-13 9.8 Critical
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.
CVE-2023-4431 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 8.1 High
Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4430 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 8.8 High
Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4429 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 8.8 High
Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4427 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 8.1 High
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVE-2023-44249 1 Fortinet 2 Fortianalyzer, Fortimanager 2025-02-13 4.1 Medium
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.
CVE-2023-43654 1 Pytorch 1 Torchserve 2025-02-13 10 Critical
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-4365 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 4.3 Medium
Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4364 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 4.3 Medium
Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4363 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2025-02-13 4.3 Medium
Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4362 2 Debian, Google 2 Debian Linux, Chrome 2025-02-13 8.8 High
Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4361 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2025-02-13 5.3 Medium
Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)