Search Results (363775 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-35785 1 Zohocorp 17 Manageengine Ad360, Manageengine Adaudit Plus, Manageengine Admanager Plus and 14 more 2024-11-21 8.1 High
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
CVE-2023-35781 1 Lws 1 Lws Cleaner 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions.
CVE-2023-35780 1 Galleria Project 1 Galleria 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions.
CVE-2023-35779 1 Seedwebs 1 Seed Fonts 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin <= 2.3.1 versions.
CVE-2023-35778 1 Recent Posts Slider Project 1 Recent Posts Slider 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.
CVE-2023-35776 1 Bearsthemes 1 Sermons Online 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions.
CVE-2023-35774 1 Lws 1 Lws Tools 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions.
CVE-2023-35773 1 Template Debugger Project 1 Template Debugger 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin <= 3.1.2 versions.
CVE-2023-35772 1 Google Map Shortcode Project 1 Google Map Shortcode 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions.
CVE-2023-35769 1 Intel 1 Computing Improvement Program 2024-11-21 6.7 Medium
Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-35767 1 Perforce 1 Helix Core 2024-11-21 7.5 High
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.  
CVE-2023-35765 1 Piigab 2 M-bus 900s, M-bus 900s Firmware 2024-11-21 6.5 Medium
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials.
CVE-2023-35763 1 Iagona 1 Scrutisweb 2024-11-21 5.5 Medium
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.
CVE-2023-35762 1 Inea 2 Me Rtu, Me Rtu Firmware 2024-11-21 9.9 Critical
Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution.
CVE-2023-35759 1 Progress 1 Whatsup Gold 2024-11-21 6.1 Medium
In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS.
CVE-2023-35719 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 6.8 Medium
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.
CVE-2023-35694 1 Google 1 Android 2024-11-21 7.5 High
In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-35693 1 Google 1 Android 2024-11-21 6.7 Medium
In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-35692 1 Google 1 Android 2024-11-21 7.8 High
In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-35691 1 Google 1 Android 2024-11-21 7.2 High
there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is not needed for exploitation.