Search Results (364872 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-42362 1 Teller 1 Teller 2024-11-21 5.4 Medium
An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.
CVE-2023-42361 1 Midori-global 1 Better Pdf Exporter 2024-11-21 7.8 High
Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export.
CVE-2023-42359 1 Exam Form Submission In Php With Source Code Project 1 Exam Form Submission In Php With Source Code 2024-11-21 9.8 Critical
SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php.
CVE-2023-42336 1 Netis-systems 2 Wf2409e, Wf2409e Firmware 2024-11-21 9.8 Critical
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.
CVE-2023-42335 1 Fl3xx 2 Crew, Dispatch 2024-11-21 8.8 High
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.
CVE-2023-42334 1 Fl3xx 2 Crew, Dispatch 2024-11-21 6.5 Medium
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.
CVE-2023-42331 1 Elitecms 1 Elite Cms 2024-11-21 8.8 High
A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.
CVE-2023-42328 1 Peppermint 1 Peppermint 2024-11-21 8.8 High
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
CVE-2023-42327 1 Netgate 1 Pfsense 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.
CVE-2023-42326 1 Netgate 2 Pfsense, Pfsense Plus 2024-11-21 8.8 High
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
CVE-2023-42323 1 Mnbvcxz131421 1 Douhaocms 2024-11-21 8.8 High
Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file.
CVE-2023-42322 1 Icmsdev 1 Icms 2024-11-21 9.8 Critical
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.
CVE-2023-42321 1 Icmsdev 1 Icms 2024-11-21 8.8 High
Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.
CVE-2023-42320 1 Tenda 3 Ac10, Ac10 Firmware, Ac10v4 2024-11-21 9.8 Critical
Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function.
CVE-2023-42319 1 Ethereum 1 Go Ethereum 2024-11-21 7.5 High
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic.
CVE-2023-42299 1 Openimageio 1 Openimageio 2024-11-21 9.8 Critical
Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.
CVE-2023-42298 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.
CVE-2023-42295 1 Openimageio 1 Openimageio 2024-11-21 8.8 High
An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c
CVE-2023-42284 1 Tyk 1 Tyk 2024-11-21 9.8 Critical
Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.
CVE-2023-42283 1 Tyk 1 Tyk 2024-11-21 9.8 Critical
Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.