Search Results (363345 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-25399 1 Scipy 1 Scipy 2024-11-21 5.5 Medium
A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.
CVE-2023-25395 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules.
CVE-2023-25330 1 Mybatis 1 Mybatis 2024-11-21 9.8 Critical
A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.
CVE-2023-25230 1 Loonflow Project 1 Loonflow 2024-11-21 4.9 Medium
A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hook_url parameter.
CVE-2023-25201 1 Multitech 4 Conduit Ap Mtcap2-l4e1, Conduit Ap Mtcap2-l4e1-868-042a, Conduit Ap Mtcap2-l4e1-868-042a Firmware and 1 more 2024-11-21 8.8 High
Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.
CVE-2023-25197 1 Apache 1 Fineract 2024-11-21 6.3 Medium
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components.   This issue affects apache fineract: from 1.4 through 1.8.2.
CVE-2023-25196 1 Apache 1 Fineract 2024-11-21 4.3 Medium
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components.   This issue affects Apache Fineract: from 1.4 through 1.8.2.
CVE-2023-25195 1 Apache 1 Fineract 2024-11-21 8.1 High
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic.  This issue affects Apache Fineract: from 1.4 through 1.8.3.
CVE-2023-25182 1 Intel 1 Unite 2024-11-21 4.2 Medium
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25181 2 Silabs, Weston-embedded 3 Gecko Software Development Kit, Cesium Net, Uc-http 2024-11-21 9 Critical
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2023-25080 1 Intel 1 Openvino 2024-11-21 5.3 Medium
Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-25075 1 Intel 1 Server Configuration Utility 2024-11-21 6.7 Medium
Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25074 1 Gallagher 1 Command Centre 2024-11-21 7.1 High
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.
CVE-2023-25071 2 Intel, Microsoft 3 Arc A Graphics, Iris Xe Graphics, Windows 2024-11-21 5.6 Medium
NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access.
CVE-2023-25063 1 Anadnet 1 Quick Page\/post Redirect Plugin 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions.
CVE-2023-25061 1 Kibokolabs 1 Arigato Autoresponder And Newsletter 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
CVE-2023-25055 1 Digitalinspiration 1 Google Xml Sitemap For Videos 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions.
CVE-2023-25051 1 Comment Reply Notification Project 1 Comment Reply Notification 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions.
CVE-2023-25046 1 Podlove 1 Podlove Podcast Publisher 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions.
CVE-2023-25044 1 Sumo 1 Social Share Boost 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions.