Export limit exceeded: 339988 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 34745 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (34745 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49738 | 1 Wwbn | 1 Avideo | 2025-11-04 | 7.5 High |
| An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. | ||||
| CVE-2023-49594 | 1 Michaelkelly | 1 Duouniversalkeycloakauthenticator | 2025-11-04 | 4.5 Medium |
| An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability. | ||||
| CVE-2023-49074 | 1 Tp-link | 2 Eap225, Eap225 Firmware | 2025-11-04 | 7.4 High |
| A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | ||||
| CVE-2023-46052 | 1 Sane-project | 1 Sane Backends | 2025-11-04 | 7.1 High |
| Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file. | ||||
| CVE-2023-45744 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | 8.3 High |
| A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-45209 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | 5.3 Medium |
| An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-43491 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | 5.3 Medium |
| An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-42940 | 1 Apple | 1 Macos | 2025-11-04 | 5.7 Medium |
| A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content. | ||||
| CVE-2023-42937 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data. | ||||
| CVE-2023-42935 | 1 Apple | 1 Macos | 2025-11-04 | 5.5 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. | ||||
| CVE-2023-42888 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory. | ||||
| CVE-2023-42887 | 1 Apple | 1 Macos | 2025-11-04 | 6.3 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files. | ||||
| CVE-2023-41707 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-11-04 | 6.5 Medium |
| Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. | ||||
| CVE-2023-41706 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-11-04 | 6.5 Medium |
| Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known. | ||||
| CVE-2023-41705 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-11-04 | 6.5 Medium |
| Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. | ||||
| CVE-2023-40528 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | 5.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences. | ||||
| CVE-2023-40389 | 1 Apple | 1 Macos | 2025-11-04 | 5.5 Medium |
| The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data. | ||||
| CVE-2023-39804 | 1 Gnu | 1 Tar | 2025-11-04 | 6.2 Medium |
| In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. | ||||
| CVE-2023-38945 | 1 Multilaser | 6 Re160, Re160 Firmware, Re160v and 3 more | 2025-11-04 | 8.8 High |
| Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL. | ||||
| CVE-2023-38745 | 2 Debian, Pandoc | 2 Debian Linux, Pandoc | 2025-11-04 | 6.3 Medium |
| Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names). | ||||