Search Results (366043 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-49242 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49241 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49240 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49230 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 8.8 High
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.
CVE-2023-49229 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 4.3 Medium
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.
CVE-2023-49226 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 7.2 High
An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.
CVE-2023-49216 1 Usedesk 1 Usedesk 2024-11-21 5.4 Medium
Usedesk before 1.7.57 allows profile stored XSS.
CVE-2023-49214 1 Usedesk 1 Usedesk 2024-11-21 9.8 Critical
Usedesk before 1.7.57 allows chat template injection.
CVE-2023-49213 1 Ironmansoftware 1 Powershell Universal 2024-11-21 8.8 High
The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1.
CVE-2023-49210 1 Node-openssl Project 1 Node-openssl 2024-11-21 9.8 Critical
The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-49198 1 Apache 1 Seatunnel 2024-11-21 7.5 High
Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.
CVE-2023-49188 1 Zealousweb 1 Track Geolocation Of Users Using Contact Form 7 2024-11-21 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0.
CVE-2023-49147 1 Pdf24 1 Pdf24 Creator 2024-11-21 7.8 High
An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe.
CVE-2023-49146 1 Getgrav 1 Dom-sanitizer 2024-11-21 6.1 Medium
DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions.
CVE-2023-49143 1 Jtekt 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more 2024-11-21 7.5 High
Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
CVE-2023-49140 1 Jtekt 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more 2024-11-21 7.5 High
Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.
CVE-2023-49135 1 Openatom 1 Openharmony 2024-11-21 4 Medium
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.
CVE-2023-49118 1 Openatom 1 Openharmony 2024-11-21 2.9 Low
in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.
CVE-2023-49117 1 Alfasado 1 Powercms 2024-11-21 5.4 Medium
PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
CVE-2023-49115 1 Machinesense 2 Feverwarn, Feverwarn Firmware 2024-11-21 7.5 High
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.