Search Results (364353 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-48861 2 Baidu, Microsoft 2 Ttplayer, Windows 2024-11-26 7.8 High
DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.
CVE-2023-49432 1 Tenda 2 Ax9, Ax9 Firmware 2024-11-26 9.8 Critical
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.
CVE-2024-23355 1 Qualcomm 286 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 283 more 2024-11-26 7.8 High
Memory corruption when keymaster operation imports a shared key.
CVE-2023-49999 1 Tenda 2 W30e, W30e Firmware 2024-11-26 9.8 Critical
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.
CVE-2024-34435 1 Coderevolution 1 Aiomatic 2024-11-26 4.3 Medium
Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3.
CVE-2023-33411 1 Supermicro 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more 2024-11-26 7.5 High
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information.
CVE-2023-41171 1 Netscout 1 Ngeniusone 2024-11-26 5.4 Medium
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4).
CVE-2023-49462 1 Struktur 1 Libheif 2024-11-26 8.8 High
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
CVE-2023-50444 1 Primx 3 Zed\!, Zedmail, Zonecentral 2024-11-26 7.5 High
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
CVE-2023-41621 1 Emlog 1 Emlog 2024-11-26 6.1 Medium
A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php.
CVE-2023-41618 1 Emlog 1 Emlog 2024-11-26 6.1 Medium
Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft.
CVE-2023-47321 1 Silverpeas 1 Silverpeas 2024-11-26 4.9 Medium
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.
CVE-2023-47327 1 Silverpeas 1 Silverpeas 2024-11-26 4.3 Medium
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL.
CVE-2023-50565 1 Rpcms 1 Rpcms 2024-11-26 5.4 Medium
A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-50101 1 Jfinalcms Project 1 Jfinalcms 2024-11-26 5.4 Medium
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
CVE-2023-50089 1 Netgear 2 Wnr2000, Wnr2000 Firmware 2024-11-26 9.8 Critical
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.
CVE-2018-0391 1 Cisco 2 Prime Collaboration, Prime Collaboration Provisioning 2024-11-26 N/A
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvd86586.
CVE-2023-49706 1 Linotp 2 Linotp, Virtual Appliance 2024-11-26 6.8 Medium
Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal.
CVE-2023-50989 1 Tenda 2 I29, I29 Firmware 2024-11-26 9.8 Critical
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.
CVE-2022-43675 1 Nokia 1 Network Functions Manager For Transport 2024-11-26 6.1 Medium
An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters.