Export limit exceeded: 10262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10262 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33706 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 6.5 Medium |
| SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | ||||
| CVE-2023-33368 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | 6.5 Medium |
| Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. | ||||
| CVE-2023-33224 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 7.2 High |
| The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||||
| CVE-2023-33041 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Csr8811 and 251 more | 2024-11-21 | 7.5 High |
| Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. | ||||
| CVE-2023-32846 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861). | ||||
| CVE-2023-32845 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860). | ||||
| CVE-2023-32844 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850). | ||||
| CVE-2023-32842 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848). | ||||
| CVE-2023-32841 | 1 Mediatek | 36 Mt2735, Mt2737, Mt6297 and 33 more | 2024-11-21 | 7.5 High |
| In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846). | ||||
| CVE-2023-32820 | 4 Google, Linux, Linuxfoundation and 1 more | 43 Android, Linux Kernel, Yocto and 40 more | 2024-11-21 | 7.5 High |
| In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637. | ||||
| CVE-2023-32799 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-11-21 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | ||||
| CVE-2023-32760 | 1 Archerirm | 1 Archer | 2024-11-21 | 7.7 High |
| An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication. | ||||
| CVE-2023-32759 | 1 Archerirm | 1 Archer | 2024-11-21 | 7.5 High |
| An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL. | ||||
| CVE-2023-32669 | 1 Buddyboss | 1 Buddyboss | 2024-11-21 | 5.4 Medium |
| Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id). | ||||
| CVE-2023-32644 | 1 Intel | 10 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 7 more | 2024-11-21 | 4.3 Medium |
| Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2023-32639 | 1 Moj | 1 Applicant Programme | 2024-11-21 | 5.5 Medium |
| Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | ||||
| CVE-2023-32635 | 1 Edinet-fsa | 1 Xbrl Data Create | 2024-11-21 | 5.5 Medium |
| XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker. | ||||
| CVE-2023-32567 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical |
| Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236 | ||||
| CVE-2023-32517 | 1 Ibericode | 1 Mailchimp | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3. | ||||
| CVE-2023-32467 | 1 Dell | 12 Chengming 3977, Chengming 3977 Firmware, Edge Gateway 3200 and 9 more | 2024-11-21 | 5.7 Medium |
| Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. | ||||