Export limit exceeded: 341810 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341810 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6139 | 1 G5plus | 1 Essential Real Estate | 2025-06-03 | 6.5 Medium |
| The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks. | ||||
| CVE-2023-6042 | 1 Motopress | 1 Getwid | 2025-06-03 | 7.5 High |
| Any unauthenticated user may send e-mail from the site with any title or content to the admin | ||||
| CVE-2023-5877 | 1 Servit | 1 Affiliate-toolkit | 2025-06-03 | 9.8 Critical |
| The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue. | ||||
| CVE-2023-52323 | 2 Pycryptodome, Redhat | 7 Pycryptodome, Pycryptodomex, Ansible Automation Platform and 4 more | 2025-06-03 | 5.9 Medium |
| PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | ||||
| CVE-2023-52322 | 1 Spip | 1 Spip | 2025-06-03 | 6.1 Medium |
| ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. | ||||
| CVE-2023-52271 | 1 Topazevolution | 1 Antifraud | 2025-06-03 | 6.5 Medium |
| The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time). | ||||
| CVE-2023-52073 | 1 Flycms Project | 1 Flycms | 2025-06-03 | 8.8 High |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. | ||||
| CVE-2023-52064 | 1 Wuzhicms | 1 Wuzhicms | 2025-06-03 | 9.8 Critical |
| Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. | ||||
| CVE-2023-52031 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-03 | 9.8 Critical |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. | ||||
| CVE-2023-51971 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. | ||||
| CVE-2023-51964 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. | ||||
| CVE-2023-51956 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv | ||||
| CVE-2023-51954 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. | ||||
| CVE-2023-51277 | 1 Tinowagner | 1 Jupyter Notebook Viewer | 2025-06-03 | 9.8 Critical |
| nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. | ||||
| CVE-2023-50982 | 1 Studip | 1 Stud.ip | 2025-06-03 | 9 Critical |
| Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9. | ||||
| CVE-2023-50922 | 1 Gl-inet | 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more | 2025-06-03 | 7.2 High |
| An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | ||||
| CVE-2023-50916 | 1 Kyocera | 1 Device Manager | 2025-06-03 | 7.2 High |
| Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks. | ||||
| CVE-2023-50643 | 1 Evernote | 1 Evernote | 2025-06-03 | 9.8 Critical |
| An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. | ||||
| CVE-2023-50612 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2025-06-03 | 7.8 High |
| Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | ||||
| CVE-2023-50609 | 1 Ava | 1 Teaching Video Application Service Platform | 2025-06-03 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx. | ||||