Search Results (363819 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-36532 1 Zoom 3 Rooms, Virtual Desktop Infrastructure, Zoom 2024-11-21 5.9 Medium
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
CVE-2023-36530 1 Smartypantsplugins 1 Sp Project \& Document Manager 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.
CVE-2023-36522 1 Wepupil 1 Quiz Expert - Easy Quiz Maker\, Exam And Test Manager 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0 versions.
CVE-2023-36516 1 Thimpress 1 Learnpress 2024-11-21 7.6 High
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.
CVE-2023-36515 1 Thimpress 1 Learnpress 2024-11-21 7.3 High
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.
CVE-2023-36514 1 Woocommerce 1 Shipping Multiple Addresses 2024-11-21 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
CVE-2023-36513 1 Woocommerce 1 Automatewoo 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
CVE-2023-36511 1 Woocommerce 1 Woocommerce Order Barcodes 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
CVE-2023-36503 1 Maxfoundry 1 Maxbuttons 2024-11-21 6.5 Medium
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3 versions.
CVE-2023-36502 1 Cththemes 1 Balkon 2024-11-21 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions.
CVE-2023-36501 1 Mtrv 1 Teachpress 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 9.0.2 versions.
CVE-2023-36499 1 Netgear 2 Xr300, Xr300 Firmware 2024-11-21 8.8 High
Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.
CVE-2023-36493 1 Intel 1 Software Development Kit For Opencl 2024-11-21 6.7 Medium
Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-36492 1 Ss-proj 1 Shirasagi 2024-11-21 6.1 Medium
Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
CVE-2023-36490 1 Intel 1 Memory And Storage Tool 2024-11-21 5 Medium
Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-36489 1 Tp-link 6 Tl-wr802n, Tl-wr802n Firmware, Tl-wr841n and 3 more 2024-11-21 8.8 High
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
CVE-2023-36485 1 Ilias 1 Ilias 2024-11-21 7.2 High
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.
CVE-2023-36482 1 Samsung 10 S3nrn4v, S3nrn4v Firmware, S3nrn82 and 7 more 2024-11-21 4.3 Medium
An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart.
CVE-2023-36481 1 Samsung 27 Exynos, Exynos 1080, Exynos 1080 Firmware and 24 more 2024-11-21 7.5 High
An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop.
CVE-2023-36480 1 Aerospike 1 Aerospike Java Client 2024-11-21 9.8 Critical
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue.