Search Results (338081 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50030 | 1 Joommasters | 1 Jmssetting | 2025-06-17 | 9.8 Critical |
| In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection. | ||||
| CVE-2023-49950 | 1 Logpoint | 1 Siem | 2025-06-17 | 5.4 Medium |
| The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure. | ||||
| CVE-2023-49555 | 1 Yasm Project | 1 Yasm | 2025-06-17 | 5.5 Medium |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. | ||||
| CVE-2023-49238 | 1 Gradle | 1 Enterprise | 2025-06-17 | 9.8 Critical |
| In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in. | ||||
| CVE-2023-49101 | 1 Axigen | 1 Axigen Mobile Webmail | 2025-06-17 | 6.1 Medium |
| WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates. | ||||
| CVE-2023-48974 | 1 Axigen | 1 Axigen Mail Server | 2025-06-17 | 9.6 Critical |
| Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | ||||
| CVE-2023-48135 | 1 Linecorp | 1 Line | 2025-06-17 | 5.4 Medium |
| An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-48131 | 1 Linecorp | 1 Line | 2025-06-17 | 5.4 Medium |
| An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-46892 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2025-06-17 | 8.8 High |
| The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature). | ||||
| CVE-2023-46889 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2025-06-17 | 5.7 Medium |
| Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it. | ||||
| CVE-2023-43898 | 1 Nothings | 1 Stb Image.h | 2025-06-17 | 5.5 Medium |
| Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. | ||||
| CVE-2023-41619 | 1 Emlog | 1 Emlog | 2025-06-17 | 6.1 Medium |
| Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write. | ||||
| CVE-2023-41603 | 1 Dlink | 2 R15, R15 Firmware | 2025-06-17 | 5.3 Medium |
| D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. | ||||
| CVE-2023-40830 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-17 | 9.8 Critical |
| Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. | ||||
| CVE-2023-33760 | 1 Splicecom | 1 Maximiser Soft Pbx | 2025-06-17 | 5.3 Medium |
| SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack. | ||||
| CVE-2023-33295 | 1 Cohesity | 1 Cohesity Dataplatform | 2025-06-17 | 6.5 Medium |
| Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have an incorrect access control vulnerability due to a lack of TLS Certificate Validation. | ||||
| CVE-2024-33121 | 1 Roothub | 1 Roothub | 2025-06-17 | 6.3 Medium |
| Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function. | ||||
| CVE-2024-46540 | 2 Emlog, Emlog Pro Project | 2 Emlog, Emlog Pro | 2025-06-17 | 6.3 Medium |
| A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, thereby obtaining system privileges. | ||||
| CVE-2024-47913 | 1 Mediawiki | 1 Mediawiki | 2025-06-17 | 5.3 Medium |
| An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter. | ||||
| CVE-2024-44068 | 1 Samsung | 12 Exynos 850, Exynos 850 Firmware, Exynos 980 and 9 more | 2025-06-17 | 8.1 High |
| An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A Use-After-Free in the mobile processor leads to privilege escalation. | ||||