Search Results (120781 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-22781 1 Hp 2 Arubaos, Instantos 2025-01-31 9.8 Critical
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-28697 1 Moxa 2 Miineport E1, Miineport E1 Firmware 2025-01-31 9.8 Critical
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.
CVE-2022-3401 1 Bricksbuilder 1 Bricks 2025-01-31 8.8 High
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution.
CVE-2023-28769 1 Zyxel 2 Dx5401-b0, Dx5401-b0 Firmware 2025-01-31 9.8 Critical
The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
CVE-2023-22786 1 Hp 2 Arubaos, Instantos 2025-01-31 9.8 Critical
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-22785 1 Hp 2 Arubaos, Instantos 2025-01-31 9.8 Critical
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-22784 1 Hp 2 Arubaos, Instantos 2025-01-31 9.8 Critical
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2023-22783 1 Hp 2 Arubaos, Instantos 2025-01-31 9.8 Critical
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2020-23647 1 Boxbilling 1 Boxbilling 2025-01-31 6.1 Medium
Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.
CVE-2017-20184 1 Gavazzionline 1 Powersoft 2025-01-31 7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device.
CVE-2021-32589 1 Fortinet 3 Fortianalyzer, Fortimanager, Fortiportal 2025-01-31 7.7 High
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.
CVE-2023-26782 1 Chshcms 1 Mccms 2025-01-31 6.5 Medium
An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.
CVE-2023-26781 1 Chshcms 1 Mccms 2025-01-31 9.8 Critical
SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.
CVE-2024-36506 1 Fortinet 2 Forticlientems, Forticlientems Cloud 2025-01-31 3.5 Low
An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.
CVE-2023-32331 3 Ibm, Linux, Oracle 4 Aix, Sterling Connect\, Linux Kernel and 1 more 2025-01-31 7.5 High
IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.
CVE-2023-33254 1 Quest 1 Kace Systems Deployment Appliance 2025-01-31 6.5 Medium
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials.
CVE-2023-31444 1 Talend 1 Studio 2025-01-31 7.5 High
In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.
CVE-2024-57386 1 Wallosapp 1 Wallos 2025-01-31 6.1 Medium
Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.
CVE-2024-46670 1 Fortinet 2 Fortios, Fortipam 2025-01-31 7.5 High
An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests.
CVE-2024-37368 1 Rockwellautomation 1 Factorytalk View 2025-01-31 7.5 High
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.