Search Results (363856 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-36555 1 Fortinet 1 Fortios 2024-11-21 3.9 Low
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.
CVE-2023-36554 1 Fortinet 1 Fortimanager 2024-11-21 7.7 High
A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
CVE-2023-36551 1 Fortinet 1 Fortisiem 2024-11-21 4.2 Medium
A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request.
CVE-2023-36550 1 Fortinet 1 Fortiwlm 2024-11-21 9.6 Critical
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
CVE-2023-36549 1 Fortinet 1 Fortiwlm 2024-11-21 8.6 High
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
CVE-2023-36548 1 Fortinet 1 Fortiwlm 2024-11-21 9.6 Critical
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
CVE-2023-36547 1 Fortinet 1 Fortiwlm 2024-11-21 9.6 Critical
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
CVE-2023-36543 1 Apache 1 Airflow 2024-11-21 6.5 Medium
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected
CVE-2023-36541 1 Zoom 1 Zoom 2024-11-21 8 High
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access.
CVE-2023-36540 1 Zoom 1 Zoom 2024-11-21 7.3 High
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
CVE-2023-36539 1 Zoom 14 Meetings, Poly Ccx 600, Poly Ccx 600 Firmware and 11 more 2024-11-21 5.3 Medium
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
CVE-2023-36538 1 Zoom 1 Rooms 2024-11-21 8.4 High
Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
CVE-2023-36537 1 Zoom 1 Rooms 2024-11-21 7.3 High
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
CVE-2023-36536 1 Zoom 1 Rooms 2024-11-21 8.2 High
Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
CVE-2023-36535 1 Zoom 3 Rooms, Virtual Desktop Infrastructure, Zoom 2024-11-21 7.1 High
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
CVE-2023-36534 1 Zoom 1 Zoom 2024-11-21 9.3 Critical
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
CVE-2023-36533 1 Zoom 2 Meeting Software Development Kit, Video Software Development Kit 2024-11-21 7.1 High
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.
CVE-2023-36532 1 Zoom 3 Rooms, Virtual Desktop Infrastructure, Zoom 2024-11-21 5.9 Medium
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
CVE-2023-36530 1 Smartypantsplugins 1 Sp Project \& Document Manager 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.
CVE-2023-36522 1 Wepupil 1 Quiz Expert - Easy Quiz Maker\, Exam And Test Manager 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0 versions.