Export limit exceeded: 342728 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342728 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 34836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (34836 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-52271 | 1 Topazevolution | 1 Antifraud | 2025-06-03 | 6.5 Medium |
| The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time). | ||||
| CVE-2023-52031 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-03 | 9.8 Critical |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. | ||||
| CVE-2023-51277 | 1 Tinowagner | 1 Jupyter Notebook Viewer | 2025-06-03 | 9.8 Critical |
| nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. | ||||
| CVE-2023-50643 | 1 Evernote | 1 Evernote | 2025-06-03 | 9.8 Critical |
| An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. | ||||
| CVE-2023-50090 | 1 Ureport2 Project | 1 Ureport2 | 2025-06-03 | 9.8 Critical |
| Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request. | ||||
| CVE-2023-49558 | 1 Yasm Project | 1 Yasm | 2025-06-03 | 5.5 Medium |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. | ||||
| CVE-2023-49556 | 1 Yasm Project | 1 Yasm | 2025-06-03 | 5.5 Medium |
| Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | ||||
| CVE-2023-49553 | 1 Cesanta | 1 Mjs | 2025-06-03 | 7.5 High |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | ||||
| CVE-2023-45559 | 1 Linecorp | 1 Line | 2025-06-03 | 8.2 High |
| An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | ||||
| CVE-2023-42866 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-06-03 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2023-42831 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | 5.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user. | ||||
| CVE-2023-42828 | 1 Apple | 1 Macos | 2025-06-03 | 7.8 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges. | ||||
| CVE-2023-40437 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | ||||
| CVE-2023-40433 | 1 Apple | 1 Macos | 2025-06-03 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. | ||||
| CVE-2023-32424 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-06-03 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | ||||
| CVE-2022-48504 | 1 Apple | 1 Macos | 2025-06-03 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | ||||
| CVE-2023-33040 | 1 Qualcomm | 288 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 285 more | 2025-06-03 | 7.5 High |
| Transient DOS in Data Modem during DTLS handshake. | ||||
| CVE-2023-48732 | 1 Mattermost | 1 Mattermost Server | 2025-06-03 | 4.3 Medium |
| Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel. | ||||
| CVE-2023-48418 | 1 Google | 2 Pixel Watch, Pixel Watch Firmware | 2025-06-03 | 10 Critical |
| In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation | ||||
| CVE-2023-46741 | 1 Linuxfoundation | 1 Cubefs | 2025-06-03 | 4.8 Medium |
| CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys could allow anyone to carry out operations on blobs that they otherwise do not have permissions for. For example, an attacker that has succesfully retrieved a secret key from the logs can delete blogs from the blob store. The attacker can either be an internal user with limited privileges to read the log, or they can be an external user who has escalated privileges sufficiently to access the logs. The vulnerability has been patched in v3.3.1. There is no other mitigation than upgrading. | ||||