Search Results (341935 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51277 | 1 Tinowagner | 1 Jupyter Notebook Viewer | 2025-06-03 | 9.8 Critical |
| nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. | ||||
| CVE-2023-50982 | 1 Studip | 1 Stud.ip | 2025-06-03 | 9 Critical |
| Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9. | ||||
| CVE-2023-50922 | 1 Gl-inet | 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more | 2025-06-03 | 7.2 High |
| An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | ||||
| CVE-2023-50916 | 1 Kyocera | 1 Device Manager | 2025-06-03 | 7.2 High |
| Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks. | ||||
| CVE-2023-50643 | 1 Evernote | 1 Evernote | 2025-06-03 | 9.8 Critical |
| An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. | ||||
| CVE-2023-50612 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2025-06-03 | 7.8 High |
| Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | ||||
| CVE-2023-50609 | 1 Ava | 1 Teaching Video Application Service Platform | 2025-06-03 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx. | ||||
| CVE-2023-50585 | 1 Tenda | 2 A18, A18 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | ||||
| CVE-2023-50345 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-03 | 3.7 Low |
| HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. | ||||
| CVE-2023-50162 | 1 Phome | 1 Empirecms | 2025-06-03 | 7.2 High |
| SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function. | ||||
| CVE-2023-50136 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-06-03 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. | ||||
| CVE-2023-50126 | 1 Hozard | 1 Alarm System | 2025-06-03 | 6.5 Medium |
| Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allows attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state. | ||||
| CVE-2023-50090 | 1 Ureport2 Project | 1 Ureport2 | 2025-06-03 | 9.8 Critical |
| Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request. | ||||
| CVE-2023-50027 | 1 Buy-addons | 1 Bazoom Magnifier | 2025-06-03 | 9.8 Critical |
| SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. | ||||
| CVE-2023-49558 | 1 Yasm Project | 1 Yasm | 2025-06-03 | 5.5 Medium |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. | ||||
| CVE-2023-49556 | 1 Yasm Project | 1 Yasm | 2025-06-03 | 5.5 Medium |
| Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | ||||
| CVE-2023-49553 | 1 Cesanta | 1 Mjs | 2025-06-03 | 7.5 High |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | ||||
| CVE-2023-49471 | 1 Barassistant | 1 Bar Assistant | 2025-06-03 | 8.8 High |
| Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code. | ||||
| CVE-2023-49394 | 1 Easycorp | 1 Zentao | 2025-06-03 | 6.1 Medium |
| Zentao versions 4.1.3 and before have a URL redirect vulnerability, which prevents the system from functioning properly. | ||||
| CVE-2023-48261 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-03 | 5.3 Medium |
| The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | ||||