Export limit exceeded: 350424 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35190 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43323 | 1 Moosocial | 1 Moosocial | 2024-11-21 | 6.5 Medium |
| mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]. | ||||
| CVE-2023-43305 | 1 Linecorp | 1 Line | 2024-11-21 | 8.2 High |
| An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43303 | 1 Linecorp | 1 Line | 2024-11-21 | 8.2 High |
| An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43302 | 1 Linecorp | 1 Line | 2024-11-21 | 8.2 High |
| An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43301 | 1 Linecorp | 1 Line | 2024-11-21 | 8.2 High |
| An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43300 | 1 Linecorp | 1 Line | 2024-11-21 | 8.2 High |
| An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43299 | 1 Linecorp | 1 Line | 2024-11-21 | 5.3 Medium |
| An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43284 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 8.8 High |
| D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. | ||||
| CVE-2023-43234 | 1 Dedebiz | 1 Dedebiz | 2024-11-21 | 9.8 Critical |
| DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | ||||
| CVE-2023-43222 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | ||||
| CVE-2023-43216 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. | ||||
| CVE-2023-43120 | 1 Extremenetworks | 1 Exos | 2024-11-21 | 8.8 High |
| An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request. | ||||
| CVE-2023-43115 | 3 Artifex, Fedoraproject, Redhat | 4 Ghostscript, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 8.8 High |
| In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). | ||||
| CVE-2023-43114 | 2 Microsoft, Qt | 2 Windows, Qt | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. | ||||
| CVE-2023-43090 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-shell | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. | ||||
| CVE-2023-43088 | 1 Dell | 2 Precision 7865 Tower, Precision 7865 Tower Firmware | 2024-11-21 | 7.2 High |
| Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | ||||
| CVE-2023-43074 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 5.2 Medium |
| Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. | ||||
| CVE-2023-43058 | 2 Ibm, Redhat | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Openshift | 2024-11-21 | 5.3 Medium |
| IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. | ||||
| CVE-2023-43041 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.5 Medium |
| IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808. | ||||
| CVE-2023-42820 | 1 Fit2cloud | 1 Jumpserver | 2024-11-21 | 7 High |
| JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds or this issue. | ||||