Export limit exceeded: 337539 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10180 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35892 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 7.1 High |
| IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786. | ||||
| CVE-2023-35883 | 1 Magazine3 | 1 Core Web Vitals \& Pagespeed Booster | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12. | ||||
| CVE-2023-35876 | 1 Automattic | 1 Woocommerce Square | 2024-11-21 | 8.1 High |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | ||||
| CVE-2023-35838 | 2 Microsoft, Wireguard | 2 Windows, Wireguard | 2024-11-21 | 5.7 Medium |
| The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard. | ||||
| CVE-2023-35696 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 7.5 High |
| Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests. | ||||
| CVE-2023-35171 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.1 Medium |
| NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-35134 | 1 Weintek | 1 Weincloud | 2024-11-21 | 7.4 High |
| Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only. | ||||
| CVE-2023-35061 | 2024-11-21 | 4.3 Medium | ||
| Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2023-35029 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | ||||
| CVE-2023-35013 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 2.3 Low |
| IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. | ||||
| CVE-2023-34982 | 1 Aveva | 13 Batch Management, Communication Drivers, Edge and 10 more | 2024-11-21 | 5.5 Medium |
| This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. | ||||
| CVE-2023-34917 | 1 Cms Project | 1 Cms | 2024-11-21 | 6.1 Medium |
| Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. | ||||
| CVE-2023-34916 | 1 Cms Project | 1 Cms | 2024-11-21 | 6.1 Medium |
| Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. | ||||
| CVE-2023-34725 | 2 Jaycar, Techview | 3 La5570, La5570 Firmware, La-5570 Wireless Gateway | 2024-11-21 | 6.8 Medium |
| An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection. | ||||
| CVE-2023-34427 | 1 Intel | 2 Realsense 450 Fa, Realsense 450 Fa Firmware | 2024-11-21 | 5.3 Medium |
| Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-34357 | 1 Scshr | 1 Hr Portal | 2024-11-21 | 7.8 High |
| Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account. | ||||
| CVE-2023-34119 | 1 Zoom | 1 Rooms | 2024-11-21 | 8.2 High |
| Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | ||||
| CVE-2023-34036 | 1 Vmware | 1 Spring Hateoas | 2024-11-21 | 5.3 Medium |
| Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses. * The application infrastructure does not guard against clients submitting (X-)Forwarded… headers. | ||||
| CVE-2023-33706 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 6.5 Medium |
| SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | ||||
| CVE-2023-33368 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | 6.5 Medium |
| Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. | ||||