Search Results (364947 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-35843 1 Nocodb 1 Nocodb 2024-12-12 7.5 High
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
CVE-2023-35840 1 Std42 1 Elfinder 2024-12-12 6.5 Medium
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
CVE-2023-34657 1 Eyoucms 1 Eyoucms 2024-12-12 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
CVE-2023-34642 1 Kioware 1 Kioware 2024-12-12 7.8 High
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.
CVE-2023-34641 1 Kioware 1 Kioware 2024-12-12 7.8 High
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.
CVE-2023-34603 1 Jeecg 1 Jeecgboot 2024-12-12 7.5 High
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.
CVE-2023-34602 1 Jeecg 1 Jeecgboot 2024-12-12 7.5 High
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController.
CVE-2023-34167 1 Huawei 1 Emui 2024-12-12 5.3 Medium
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
CVE-2023-34166 1 Huawei 1 Emui 2024-12-12 7.5 High
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.
CVE-2023-34163 1 Huawei 1 Emui 2024-12-12 7.5 High
Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-34162 1 Huawei 1 Emui 2024-12-12 7.5 High
Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.
CVE-2023-34161 1 Huawei 1 Emui 2024-12-12 7.5 High
nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-34160 1 Huawei 1 Emui 2024-12-12 5.3 Medium
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
CVE-2023-34159 1 Huawei 1 Emui 2024-12-12 9.8 Critical
Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.
CVE-2023-34158 1 Huawei 1 Emui 2024-12-12 5.3 Medium
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
CVE-2023-31366 1 Amd 1 Uprof 2024-12-12 3.3 Low
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.
CVE-2023-31349 1 Amd 2 Amd Uprof, Uprof 2024-12-12 7.3 High
Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2023-31348 1 Amd 2 Uprof, Uprof Tool 2024-12-12 7.3 High
A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2023-2751 1 Upload Resume Project 1 Upload Resume 2024-12-12 5.3 Medium
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.
CVE-2023-2654 1 Themify 1 Conditional Menus 2024-12-12 6.1 Medium
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin