Search Results (363304 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-25706 1 Pagup 1 Better Robots.txt 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions.
CVE-2023-25697 1 Gamipress 1 Gamipress 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 2.5.6.
CVE-2023-25696 1 Apache 1 Apache-airflow-providers-apache-hive 2024-11-21 9.8 Critical
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3.
CVE-2023-25682 1 Ibm 1 Sterling B2b Integrator 2024-11-21 6.2 Medium
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.
CVE-2023-25651 1 Zte 4 Mf286r, Mf286r Firmware, Mf833u1 and 1 more 2024-11-21 4.3 Medium
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
CVE-2023-25649 1 Zte 2 Mf286r, Mf286r Firmware 2024-11-21 6.8 Medium
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CVE-2023-25647 1 Zte 8 Axon 30, Axon 30 Firmware, Axon 40 Pro and 5 more 2024-11-21 4.7 Medium
There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.
CVE-2023-25643 1 Zte 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more 2024-11-21 8.4 High
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CVE-2023-25642 1 Zte 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more 2024-11-21 5.9 Medium
There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack. 
CVE-2023-25632 1 Naver 1 Whale Browser 2024-11-21 5.5 Medium
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.
CVE-2023-25611 1 Fortinet 1 Fortianalyzer 2024-11-21 4 Medium
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.
CVE-2023-25609 1 Fortinet 2 Fortianalyzer, Fortimanager 2024-11-21 4.2 Medium
A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.
CVE-2023-25608 1 Fortinet 4 Fortiap, Fortiap-c, Fortiap-u and 1 more 2024-11-21 5.2 Medium
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.
CVE-2023-25606 1 Fortinet 2 Fortianalyzer, Fortimanager 2024-11-21 6.2 Medium
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4  all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
CVE-2023-25605 1 Fortinet 1 Fortisoar 2024-11-21 7.5 High
A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.
CVE-2023-25604 1 Fortinet 1 Fortiguest 2024-11-21 5.5 Medium
An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs.
CVE-2023-25603 1 Fortinet 2 Fortiadc, Fortiddos-f 2024-11-21 5.4 Medium
A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.
CVE-2023-25602 1 Fortinet 1 Fortiweb 2024-11-21 7.4 High
A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.
CVE-2023-25600 1 Insyde 1 Insydecrpkg 2024-11-21 7.1 High
An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.
CVE-2023-25543 1 Dell 1 Power Manager 2024-11-21 7.8 High
Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.