CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-22152 Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-22153 File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-22597 An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-36183 Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. | 7.8 | HIGH | β | 0 |
| CVE-2023-36222 Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function. | 5.4 | MEDIUM | β | 0 |
| CVE-2023-36223 Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings funct... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-36258 An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-36291 Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-36610 βThe affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token a... | 5.9 | MEDIUM | β | 0 |
| CVE-2023-36611 The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with βuserβ privileges to access files requiring higher privilege... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-3395 βAll versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, includin... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-22906 Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. | 8.8 | HIGH | β | 0 |
| CVE-2023-25516 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of... | 7.1 | HIGH | β | 0 |
| CVE-2022-32666 In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interact... | 7.5 | HIGH | β | 0 |
| CVE-2023-32427 This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to int... | 5.9 | MEDIUM | β | 0 |
| CVE-2023-25517 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information... | 7.1 | HIGH | β | 0 |
| CVE-2023-25521 NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not ... | 7.5 | HIGH | β | 0 |
| CVE-2023-25522 NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploi... | 7.5 | HIGH | β | 0 |
| CVE-2023-25523 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file.... | 3.3 | LOW | β | 0 |
| CVE-2023-30990 IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036. | 8.6 | HIGH | β | 0 |
| CVE-2023-20689 In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed ... | 7.5 | HIGH | β | 0 |
| CVE-2023-20690 In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed ... | 7.5 | HIGH | β | 0 |
| CVE-2023-20691 In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed ... | 7.5 | HIGH | β | 0 |
| CVE-2023-20692 In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not neede... | 7.5 | HIGH | β | 0 |
| CVE-2023-2010 The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allo... | 3.1 | LOW | β | 0 |
| CVE-2023-20693 In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not neede... | 7.5 | HIGH | β | 0 |
| CVE-2023-20748 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not neede... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-20753 In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for expl... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-20754 In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-30678 Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file. | 5.1 | MEDIUM | β | 0 |
| CVE-2023-20755 In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-20756 In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-20757 In cmdq, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-20758 In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exp... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-20759 In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exp... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-20760 In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-20761 In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-20766 In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-2880 Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This ... | 7.5 | HIGH | β | 0 |
| CVE-2023-20767 In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-20768 In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for explo... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-20771 In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for ... | 6.4 | MEDIUM | β | 0 |
| CVE-2023-20772 In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-20773 In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... | 7.8 | HIGH | β | 0 |
| CVE-2023-2320 The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, lea... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-20774 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-20775 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-21624 Information disclosure in DSP Services while loading dynamic module. | 6.2 | MEDIUM | β | 0 |
| CVE-2023-21635 Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony. | 6.7 | MEDIUM | β | 0 |
| CVE-2023-21637 Memory corruption in Linux while calling system configuration APIs. | 6.7 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.