Search Results (366011 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-49000 1 Artistscope 1 Artisbrowser 2024-11-21 9.8 Critical
An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. NOTE: this is disputed by the vendor, who indicates that ArtisBrowser 34 does not support CSS3.
CVE-2023-48987 1 Cusg 1 Content Management System 2024-11-21 7.5 High
Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component.
CVE-2023-48967 1 Noear 1 Solon 2024-11-21 9.8 Critical
Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data.
CVE-2023-48966 1 Thinkadmin 1 Thinkadmin 2024-11-21 8.8 High
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.
CVE-2023-48964 1 Tenda 2 I6, I6 Firmware 2024-11-21 7.5 High
Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet.
CVE-2023-48963 1 Tenda 2 I6, I6 Firmware 2024-11-21 7.5 High
Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget.
CVE-2023-48958 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
CVE-2023-48952 1 Openlinksw 1 Virtuoso 2024-11-21 7.5 High
An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
CVE-2023-48950 1 Openlinksw 1 Virtuoso 2024-11-21 7.5 High
An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
CVE-2023-48949 1 Openlinksw 1 Virtuoso 2024-11-21 7.5 High
An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
CVE-2023-48948 1 Openlinksw 1 Virtuoso 2024-11-21 7.5 High
An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
CVE-2023-48947 1 Openlinksw 1 Virtuoso 2024-11-21 7.5 High
An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
CVE-2023-48946 1 Openlinksw 1 Virtuoso 2024-11-21 7.5 High
An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
CVE-2023-48945 1 Openlinksw 1 Virtuoso 2024-11-21 7.5 High
A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-48940 1 Daicuo 1 Daicuo 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-48929 1 Franklin-electric 1 System Sentinel Anyware 2024-11-21 9.8 Critical
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information.
CVE-2023-48925 1 Buy-addons 1 Bavideotab 2024-11-21 9.8 Critical
SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run().
CVE-2023-48914 1 Iteachyou 1 Dreamer Cms 2024-11-21 8.8 High
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.
CVE-2023-48913 1 Iteachyou 1 Dreamer Cms 2024-11-21 8.8 High
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.
CVE-2023-48910 1 Microcks 1 Microcks 2024-11-21 9.8 Critical
Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.