Export limit exceeded: 17355 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342055 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6626 | 1 Gravitymaster | 1 Product Enquiry For Woocommerce | 2025-05-30 | 4.8 Medium |
| The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-52353 | 1 Arm | 1 Mbed Tls | 2025-05-30 | 7.5 High |
| An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum. | ||||
| CVE-2023-52046 | 1 Webmin | 1 Webmin | 2025-05-30 | 4.8 Medium |
| Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field. | ||||
| CVE-2023-52039 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-05-30 | 9.8 Critical |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | ||||
| CVE-2023-52038 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-05-30 | 9.8 Critical |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. | ||||
| CVE-2023-51926 | 1 Yonyou | 1 Yonbip | 2025-05-30 | 7.5 High |
| YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. | ||||
| CVE-2023-51892 | 1 Weaver | 1 E-cology | 2025-05-30 | 9.8 Critical |
| An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. | ||||
| CVE-2023-51886 | 1 Ctan | 1 Mathtex | 2025-05-30 | 7.5 High |
| Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath. | ||||
| CVE-2023-51885 | 1 Ctan | 1 Mathtex | 2025-05-30 | 9.8 Critical |
| Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. | ||||
| CVE-2023-50943 | 1 Apache | 1 Airflow | 2025-05-30 | 7.5 High |
| Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. | ||||
| CVE-2023-50693 | 1 Jester Project | 1 Jester | 2025-05-30 | 9.8 Critical |
| An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request. | ||||
| CVE-2023-50274 | 1 Hp | 1 Oneview | 2025-05-30 | 7.8 High |
| HPE OneView may allow command injection with local privilege escalation. | ||||
| CVE-2023-47352 | 1 Technicolor | 2 Tc8715d, Tc8715d Firmware | 2025-05-30 | 8.8 High |
| Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. | ||||
| CVE-2023-47200 | 1 Trendmicro | 1 Apex One | 2025-05-30 | 7.8 High |
| A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47201. | ||||
| CVE-2023-47199 | 1 Trendmicro | 1 Apex One | 2025-05-30 | 7.8 High |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47193. | ||||
| CVE-2023-47194 | 1 Trendmicro | 1 Apex One | 2025-05-30 | 7.8 High |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47195. | ||||
| CVE-2023-47035 | 1 Etherscan | 1 Reptilian Coin | 2025-05-30 | 7.5 High |
| RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations. | ||||
| CVE-2023-47033 | 1 Multisigwallet Project | 1 Multisigwallet | 2025-05-30 | 7.5 High |
| MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. | ||||
| CVE-2023-45889 | 1 Classlink | 1 Oneclick | 2025-05-30 | 6.1 Medium |
| A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612. | ||||
| CVE-2023-44001 | 1 Linecorp | 1 Line | 2025-05-30 | 5.4 Medium |
| An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||