Search Results (363994 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-37849 1 Watchguard 1 Panda Security Vpn 2024-11-21 6.5 Medium
A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe.
CVE-2023-37839 1 Dedecms 1 Dedecms 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2023-37837 1 Jpeg 1 Libjpeg 2024-11-21 6.5 Medium
libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2023-37836 1 Jpeg 1 Libjpeg 2024-11-21 6.5 Medium
libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2023-37833 1 Elenos 2 Etg150, Etg150 Firmware 2024-11-21 2.7 Low
Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.
CVE-2023-37832 1 Elenos 3 Etg150, Etg150 Firmware, Etg150 Fm 2024-11-21 7.5 High
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts.
CVE-2023-37831 1 Elenos 3 Etg150, Etg150 Firmware, Etg150 Fm 2024-11-21 5.3 Medium
An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted.
CVE-2023-37830 1 General-solutions 1 Contwise Case2 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
CVE-2023-37829 1 General-solutions 1 Contwise Case2 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter.
CVE-2023-37828 1 General-solutions 1 Contwise Case2 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter.
CVE-2023-37827 1 General-solutions 1 Contwise Case2 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter.
CVE-2023-37826 1 General-solutions 1 Contwise Case2 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter.
CVE-2023-37824 1 Sitolog 1 Sitolog Application Connect 2024-11-21 9.8 Critical
Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php.
CVE-2023-37798 1 Vanderbilt 1 Redcap 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
CVE-2023-37794 1 Wayos 2 Fbm-291w, Fbm-291w Firmware 2024-11-21 9.8 Critical
WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp.
CVE-2023-37793 1 Wayos 2 Fbm-291w, Fbm-291w Firmware 2024-11-21 9.8 Critical
WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filter.asp.
CVE-2023-37791 2 D-link, Dlink 3 Dir-619l, Dir-619l, Dir-619l Firmware 2024-11-21 9.8 Critical
D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin.
CVE-2023-37790 1 Broadcom 1 Clarity 2024-11-21 5.4 Medium
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.
CVE-2023-37788 2 Goproxy Project, Redhat 6 Goproxy, Acm, Openshift and 3 more 2024-11-21 7.5 High
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.
CVE-2023-37787 1 Geeklog 1 Geeklog 2024-11-21 4.8 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php.