Search

Search Results (314948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-28461 1 Arraynetworks 14 Ag1000, Ag1000t, Ag1000v5 and 11 more 2025-10-22 9.8 Critical
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
CVE-2023-28434 1 Minio 1 Minio 2025-10-22 8.8 High
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.
CVE-2023-28432 1 Minio 1 Minio 2025-10-22 7.5 High
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
CVE-2023-28206 1 Apple 3 Ipados, Iphone Os, Macos 2025-10-22 8.6 High
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVE-2023-28205 2 Apple, Redhat 6 Ipados, Iphone Os, Macos and 3 more 2025-10-22 8.8 High
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2023-27532 1 Veeam 1 Veeam Backup \& Replication 2025-10-22 7.5 High
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
CVE-2023-26360 1 Adobe 1 Coldfusion 2025-10-22 8.6 High
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
CVE-2023-26359 1 Adobe 1 Coldfusion 2025-10-22 9.8 Critical
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
CVE-2023-26083 1 Arm 4 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more 2025-10-22 3.3 Low
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
CVE-2023-25717 2 Commscope, Ruckuswireless 61 Ruckus Smartzone Firmware, E510, H320 and 58 more 2025-10-22 9.8 Critical
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
CVE-2023-25280 1 Dlink 2 Dir820la1, Dir820la1 Firmware 2025-10-22 9.8 Critical
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
CVE-2023-24880 1 Microsoft 10 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 7 more 2025-10-22 4.4 Medium
Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-23752 1 Joomla 1 Joomla\! 2025-10-22 5.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CVE-2023-23529 2 Apple, Redhat 6 Ipados, Iphone Os, Macos and 3 more 2025-10-22 8.8 High
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2023-23397 1 Microsoft 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more 2025-10-22 9.8 Critical
Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2023-23376 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-10-22 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-22952 1 Sugarcrm 1 Sugarcrm 2025-10-22 8.8 High
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
CVE-2023-21839 1 Oracle 1 Weblogic Server 2025-10-22 7.5 High
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2023-21823 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-10-22 7.8 High
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2023-21715 1 Microsoft 1 365 Apps 2025-10-22 7.3 High
Microsoft Publisher Security Feature Bypass Vulnerability