Export limit exceeded: 341827 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341827 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40433 | 1 Apple | 1 Macos | 2025-06-03 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. | ||||
| CVE-2023-39336 | 1 Ivanti | 1 Endpoint Manager | 2025-06-03 | 8.8 High |
| An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. | ||||
| CVE-2023-38827 | 1 Follettlearning | 1 Solutions Destiny | 2025-06-03 | 6.1 Medium |
| Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do. | ||||
| CVE-2023-37644 | 1 Swftools | 1 Swftools | 2025-06-03 | 5.5 Medium |
| SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c. | ||||
| CVE-2023-37608 | 1 Automaticsystems | 2 Soc Fl9600 Firstlane, Soc Fl9600 Firstlane Firmware | 2025-06-03 | 7.5 High |
| An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password. | ||||
| CVE-2023-37607 | 1 Automaticsystems | 2 Soc Fl9600 Firstlane, Soc Fl9600 Firstlane Firmware | 2025-06-03 | 7.5 High |
| Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter. | ||||
| CVE-2023-32886 | 1 Mediatek | 47 Mt2735, Mt6813, Mt6833 and 44 more | 2025-06-03 | 7.5 High |
| In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. | ||||
| CVE-2023-32884 | 2 Google, Mediatek | 60 Android, Mt2713, Mt6580 and 57 more | 2025-06-03 | 6.7 Medium |
| In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011. | ||||
| CVE-2023-32883 | 2 Google, Mediatek | 57 Android, Mt2713, Mt6580 and 54 more | 2025-06-03 | 6.7 Medium |
| In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249. | ||||
| CVE-2023-32876 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-03 | 4.4 Medium |
| In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612. | ||||
| CVE-2023-32872 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-03 | 6.7 Medium |
| In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607. | ||||
| CVE-2023-32424 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-06-03 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | ||||
| CVE-2023-29962 | 1 S-cms | 1 S-cms | 2025-06-03 | 6.5 Medium |
| S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. | ||||
| CVE-2023-28185 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-03 | 5.5 Medium |
| An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service. | ||||
| CVE-2023-26998 | 1 Netscout | 1 Ngeniusone | 2025-06-03 | 5.4 Medium |
| Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. | ||||
| CVE-2022-48504 | 1 Apple | 1 Macos | 2025-06-03 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | ||||
| CVE-2022-3328 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2025-06-03 | 7.8 High |
| Race condition in snap-confine's must_mkdir_and_open_with_perms() | ||||
| CVE-2022-39009 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-03 | 9.8 Critical |
| The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions. | ||||
| CVE-2020-26627 | 1 Phpgurukul | 1 Hospital Management System | 2025-06-03 | 4.9 Medium |
| A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. | ||||
| CVE-2020-26623 | 1 Gilacms | 1 Gila Cms | 2025-06-03 | 3.8 Low |
| SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. | ||||