CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-38850 Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 comppnent. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-38851 Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-38853 Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-38854 Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlsto... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-38857 Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-38858 Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-38860 An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38889 An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String). | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38896 An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38898 An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-38915 File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38916 SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields. | 8.8 | HIGH | — | 0 |
| CVE-2023-39438 A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary aut... | 8.1 | HIGH | — | 0 |
| CVE-2023-39659 An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39661 An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39662 An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-2312 Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTM... | 8.8 | HIGH | — | 0 |
| CVE-2023-40027 Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session re... | 3.7 | LOW | — | 0 |
| CVE-2023-40028 Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to ... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-4349 Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... | 8.8 | HIGH | — | 0 |
| CVE-2023-4350 Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML pa... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-4351 Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromiu... | 8.8 | HIGH | — | 0 |
| CVE-2023-4335 Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux | 7.5 | HIGH | — | 0 |
| CVE-2023-4353 Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2023-4356 Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a cra... | 8.8 | HIGH | — | 0 |
| CVE-2023-4357 Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security sever... | 8.8 | HIGH | — | 0 |
| CVE-2023-4359 Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromiu... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-38864 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4360 Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | MEDIUM | — | 0 |
| CVE-2023-4361 Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severi... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-4362 Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploi... | 8.8 | HIGH | — | 0 |
| CVE-2023-4363 Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-38866 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4364 Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medi... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-4365 Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | MEDIUM | — | 0 |
| CVE-2023-4366 Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML... | 8.8 | HIGH | — | 0 |
| CVE-2023-4367 Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-39841 Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | 4.6 | MEDIUM | — | 0 |
| CVE-2023-4368 Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a... | 8.8 | HIGH | — | 0 |
| CVE-2023-38401 A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT ... | 7.8 | HIGH | — | 0 |
| CVE-2023-38402 A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these... | 7.1 | HIGH | — | 0 |
| CVE-2023-38861 An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38862 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38863 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38865 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39842 Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | 2.4 | LOW | — | 0 |
| CVE-2023-39843 Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | 2.4 | LOW | — | 0 |
| CVE-2023-39852 Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session va... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-20560 Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash ... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-20564 Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of co... | 6.7 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.