Search Results (363090 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-49229 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 4.3 Medium
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.
CVE-2023-49226 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 7.2 High
An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.
CVE-2023-49216 1 Usedesk 1 Usedesk 2024-11-21 5.4 Medium
Usedesk before 1.7.57 allows profile stored XSS.
CVE-2023-49214 1 Usedesk 1 Usedesk 2024-11-21 9.8 Critical
Usedesk before 1.7.57 allows chat template injection.
CVE-2023-49213 1 Ironmansoftware 1 Powershell Universal 2024-11-21 8.8 High
The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1.
CVE-2023-49210 1 Node-openssl Project 1 Node-openssl 2024-11-21 9.8 Critical
The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-49198 1 Apache 1 Seatunnel 2024-11-21 7.5 High
Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.
CVE-2023-49188 1 Zealousweb 1 Track Geolocation Of Users Using Contact Form 7 2024-11-21 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0.
CVE-2023-49147 1 Pdf24 1 Pdf24 Creator 2024-11-21 7.8 High
An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe.
CVE-2023-49146 1 Getgrav 1 Dom-sanitizer 2024-11-21 6.1 Medium
DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions.
CVE-2023-49143 1 Jtekt 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more 2024-11-21 7.5 High
Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
CVE-2023-49140 1 Jtekt 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more 2024-11-21 7.5 High
Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
CVE-2023-49135 1 Openatom 1 Openharmony 2024-11-21 4 Medium
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.
CVE-2023-49118 1 Openatom 1 Openharmony 2024-11-21 2.9 Low
in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.
CVE-2023-49117 1 Alfasado 1 Powercms 2024-11-21 5.4 Medium
PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
CVE-2023-49115 1 Machinesense 2 Feverwarn, Feverwarn Firmware 2024-11-21 7.5 High
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.
CVE-2023-49108 1 Sei-info 1 Rakrak Document Plus 2024-11-21 8.8 High
Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.
CVE-2023-49106 3 Hitachi, Linux, Microsoft 3 Device Manager, Linux Kernel, Windows 2024-11-21 4.6 Medium
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04.
CVE-2023-49104 1 Owncloud 1 Oauth2 2024-11-21 8.7 High
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker.
CVE-2023-49102 1 Nzbget 1 Nzbget 2024-11-21 8.8 High
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.