Export limit exceeded: 337302 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337302 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50643 | 1 Evernote | 1 Evernote | 2025-06-03 | 9.8 Critical |
| An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. | ||||
| CVE-2023-50612 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2025-06-03 | 7.8 High |
| Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | ||||
| CVE-2023-50609 | 1 Ava | 1 Teaching Video Application Service Platform | 2025-06-03 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx. | ||||
| CVE-2023-50585 | 1 Tenda | 2 A18, A18 Firmware | 2025-06-03 | 9.8 Critical |
| Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | ||||
| CVE-2023-50345 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-03 | 3.7 Low |
| HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. | ||||
| CVE-2023-50162 | 1 Phome | 1 Empirecms | 2025-06-03 | 7.2 High |
| SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function. | ||||
| CVE-2023-50136 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-06-03 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. | ||||
| CVE-2023-50126 | 1 Hozard | 1 Alarm System | 2025-06-03 | 6.5 Medium |
| Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state. | ||||
| CVE-2023-50090 | 1 Ureport2 Project | 1 Ureport2 | 2025-06-03 | 9.8 Critical |
| Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request. | ||||
| CVE-2023-50027 | 1 Buy-addons | 1 Bazoom Magnifier | 2025-06-03 | 9.8 Critical |
| SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. | ||||
| CVE-2023-49558 | 1 Yasm Project | 1 Yasm | 2025-06-03 | 5.5 Medium |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. | ||||
| CVE-2023-49556 | 1 Yasm Project | 1 Yasm | 2025-06-03 | 5.5 Medium |
| Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | ||||
| CVE-2023-49553 | 1 Cesanta | 1 Mjs | 2025-06-03 | 7.5 High |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | ||||
| CVE-2023-49471 | 1 Barassistant | 1 Bar Assistant | 2025-06-03 | 8.8 High |
| Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code. | ||||
| CVE-2023-49394 | 1 Easycorp | 1 Zentao | 2025-06-03 | 6.1 Medium |
| Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. | ||||
| CVE-2023-48261 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-03 | 5.3 Medium |
| The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | ||||
| CVE-2023-47994 | 1 Freeimage Project | 1 Freeimage | 2025-06-03 | 8.8 High |
| An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. | ||||
| CVE-2023-47890 | 1 Pyload | 1 Pyload | 2025-06-03 | 8.8 High |
| pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. | ||||
| CVE-2023-46474 | 1 Sigb | 1 Pmb | 2025-06-03 | 7.2 High |
| File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. | ||||
| CVE-2023-45722 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-03 | 8.8 High |
| HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application. | ||||