Export limit exceeded: 342499 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8778 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39957 | 1 Nextcloud | 1 Talk | 2024-11-21 | 7.8 High |
| Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-39699 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 9.8 Critical |
| IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. | ||||
| CVE-2023-39584 | 1 Hexo | 1 Hexo | 2024-11-21 | 7.5 High |
| Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. | ||||
| CVE-2023-39559 | 1 Web-audimex | 1 Audimexee | 2024-11-21 | 5.3 Medium |
| AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability. | ||||
| CVE-2023-39528 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.8 Medium |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | ||||
| CVE-2023-39525 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.5 Medium |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | ||||
| CVE-2023-39448 | 1 Ss-proj | 1 Shirasagi | 2024-11-21 | 8.8 High |
| Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution. | ||||
| CVE-2023-39407 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 9.1 Critical |
| The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity. | ||||
| CVE-2023-39402 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | ||||
| CVE-2023-39401 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | ||||
| CVE-2023-39400 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | ||||
| CVE-2023-39299 | 1 Qnap | 1 Music Station | 2024-11-21 | 7.5 High |
| A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.23 and later | ||||
| CVE-2023-39163 | 2024-11-21 | 8.6 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion.This issue affects Phlox Shop: from n/a through 2.0.0. | ||||
| CVE-2023-39141 | 1 Ziahamza | 1 Webui-aria2 | 2024-11-21 | 7.5 High |
| webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. | ||||
| CVE-2023-39139 | 1 Archive Project | 1 Archive | 2024-11-21 | 7.8 High |
| An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip file. | ||||
| CVE-2023-39138 | 1 Peakstep | 1 Zipfoundation | 2024-11-21 | 7.8 High |
| An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file. | ||||
| CVE-2023-39135 | 1 Marmelroy | 1 Zip | 2024-11-21 | 7.8 High |
| An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry. | ||||
| CVE-2023-39026 | 2 Filemage, Microsoft | 2 Filemage, Windows | 2024-11-21 | 7.5 High |
| Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. | ||||
| CVE-2023-38997 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 7.2 High |
| A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive. | ||||
| CVE-2023-38956 | 1 Zkteco | 1 Bioaccess Ivs | 2024-11-21 | 7.5 High |
| A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | ||||