Search Results (363335 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27103 1 Struktur 1 Libde265 2024-11-21 8.8 High
Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.
CVE-2023-27102 1 Struktur 1 Libde265 2024-11-21 6.5 Medium
Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.
CVE-2023-27074 1 Phpgurukul 1 Bp Monitoring Management System 2024-11-21 9.8 Critical
BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page.
CVE-2023-26980 2 Pax, Paxtechnology 3 A920 Pro, Paydroid, A920 Pro 2024-11-21 7.0 High
PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will be loaded before any user applications.
CVE-2023-26979 1 Bluetens 1 Bluetensq 2024-11-21 3.1 Low
Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by hijacking the BLE communication.
CVE-2023-26961 1 Alteryx 1 Alteryx Server 2024-11-21 4.8 Medium
Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., JavaScript content for stored XSS) via the type field in a JSON document within a PUT /gallery/api/media request.
CVE-2023-26959 1 Phpgurukul 1 Park Ticketing Management System 2024-11-21 9.8 Critical
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter.
CVE-2023-26958 1 Phpgurukul 1 Park Ticketing Management System 2024-11-21 4.8 Medium
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter.
CVE-2023-26943 1 Assaabloy 2 Yale Keyless Smart Lock, Yale Keyless Smart Lock Firmware 2024-11-21 6.5 Medium
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original.
CVE-2023-26942 1 Assaabloy 2 Yale Ia-210, Yale Ia-210 Firmware 2024-11-21 6.5 Medium
Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original.
CVE-2023-26941 1 Assaabloy 2 Yale Conexis L1, Yale Conexis L1 Firmware 2024-11-21 6.5 Medium
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original.
CVE-2023-26930 1 Xpdfreader 1 Xpdf 2024-11-21 5.5 Medium
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”
CVE-2023-26920 1 Naturalintelligence 1 Fast Xml Parser 2024-11-21 6.5 Medium
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.
CVE-2023-26913 1 Evolucare 1 Ecs Imaging 2024-11-21 6.1 Medium
EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie. php.
CVE-2023-26911 1 Asus 2 Armoury Crate, Setupasusservices 2024-11-21 7.8 High
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
CVE-2023-26861 1 Vivawallet 1 Viva Wallet 2024-11-21 9.8 Critical
SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module.
CVE-2023-26859 1 Brevo 1 Brevo 2024-11-21 9.8 Critical
SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component.
CVE-2023-26775 1 Monitorr 1 Monitorr 2024-11-21 7.8 High
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint.
CVE-2023-26756 1 Revive 1 Adserver 2024-11-21 7.5 High
The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features.
CVE-2023-26596 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 2.5 Low
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.