CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-33220 Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fi... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-49006 Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-6945 A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student... | 2.4 | LOW | — | 0 |
| CVE-2023-5432 The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-33435 Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circ... | 8.0 | HIGH | — | 0 |
| CVE-2019-25158 A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-6730 Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | 8.8 | HIGH | — | 0 |
| CVE-2023-50761 The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the messa... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-50762 When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-6135 Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-51428 Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | 4.6 | MEDIUM | — | 0 |
| CVE-2023-6857 When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-6859 A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 8.8 | HIGH | — | 0 |
| CVE-2023-6860 The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 11... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-6861 The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 8.8 | HIGH | — | 0 |
| CVE-2023-6862 A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6. | 8.8 | HIGH | — | 0 |
| CVE-2023-6863 The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thund... | 8.8 | HIGH | — | 0 |
| CVE-2023-6864 Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ... | 8.8 | HIGH | — | 0 |
| CVE-2023-6865 `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-51429 Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | 6.0 | MEDIUM | — | 0 |
| CVE-2023-6866 TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121. | 8.8 | HIGH | — | 0 |
| CVE-2023-6867 The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-6868 In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthoriz... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-6870 Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-6871 Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-6872 Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-6873 Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.... | 8.8 | HIGH | — | 0 |
| CVE-2023-1514 A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity... | 7.4 | HIGH | — | 0 |
| CVE-2023-43870 When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to... | 8.1 | HIGH | — | 0 |
| CVE-2023-6280 An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingServic... | 7.2 | HIGH | — | 0 |
| CVE-2023-6711 Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not va... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-6913 A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code function... | 8.1 | HIGH | — | 0 |
| CVE-2021-22962 An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-46224 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46216 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46217 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46220 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46221 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46222 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46223 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46225 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46258 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46259 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46260 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46261 An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46262 An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | 7.5 | HIGH | — | 0 |
| CVE-2023-46263 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41762 An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id p... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-46264 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46265 An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.