Export limit exceeded: 17019 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336882 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336882 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50027 | 1 Buy-addons | 1 Bazoom Magnifier | 2025-06-03 | 9.8 Critical |
| SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. | ||||
| CVE-2023-49558 | 1 Yasm Project | 1 Yasm | 2025-06-03 | 5.5 Medium |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. | ||||
| CVE-2023-49556 | 1 Yasm Project | 1 Yasm | 2025-06-03 | 5.5 Medium |
| Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | ||||
| CVE-2023-49553 | 1 Cesanta | 1 Mjs | 2025-06-03 | 7.5 High |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | ||||
| CVE-2023-49471 | 1 Barassistant | 1 Bar Assistant | 2025-06-03 | 8.8 High |
| Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code. | ||||
| CVE-2023-49394 | 1 Easycorp | 1 Zentao | 2025-06-03 | 6.1 Medium |
| Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. | ||||
| CVE-2023-48261 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-03 | 5.3 Medium |
| The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | ||||
| CVE-2023-47994 | 1 Freeimage Project | 1 Freeimage | 2025-06-03 | 8.8 High |
| An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. | ||||
| CVE-2023-47890 | 1 Pyload | 1 Pyload | 2025-06-03 | 8.8 High |
| pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. | ||||
| CVE-2023-46474 | 1 Sigb | 1 Pmb | 2025-06-03 | 7.2 High |
| File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. | ||||
| CVE-2023-45722 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-03 | 8.8 High |
| HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application. | ||||
| CVE-2023-45559 | 1 Linecorp | 1 Line | 2025-06-03 | 8.2 High |
| An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | ||||
| CVE-2023-42866 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-06-03 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2023-42831 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | 5.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user. | ||||
| CVE-2023-42828 | 1 Apple | 1 Macos | 2025-06-03 | 7.8 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges. | ||||
| CVE-2023-40437 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | ||||
| CVE-2023-40433 | 1 Apple | 1 Macos | 2025-06-03 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. | ||||
| CVE-2023-39336 | 1 Ivanti | 1 Endpoint Manager | 2025-06-03 | 8.8 High |
| An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. | ||||
| CVE-2023-38827 | 1 Follettlearning | 1 Solutions Destiny | 2025-06-03 | 6.1 Medium |
| Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do. | ||||
| CVE-2023-37644 | 1 Swftools | 1 Swftools | 2025-06-03 | 5.5 Medium |
| SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c. | ||||