CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-43206 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary comman... | 9.8 | CRITICAL | — | 0 |
| CVE-2015-0311 Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute ... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-43119 An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43207 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands v... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43200 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41636 A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41637 An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-5521 Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-35681 In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges ne... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45984 TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-42464 A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dic... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47583 Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-44105 Vulnerability of permissions not being strictly verified in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-44116 Vulnerability of access permissions not being strictly verified in the APPWidget module. Successful exploitation of this vulnerability may cause some apps to run without being authorized. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-35803 IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-44166 The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24479 An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacke... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-35646 In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-35647 In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with bas... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-35648 In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with bas... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46007 Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-32244 Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation. This issue affects Woodmart Core: from n/a through 1.0.36. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41507 Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4310 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Success... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46005 Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4485 ARDEREG Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to ex... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41508 A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29453 Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-36434 Windows IIS Server Elevation of Privilege Vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43981 Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39361 Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.ph... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4501 User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-5045 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This i... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41009 File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39654 abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-36109 Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-32563 An unauthenticated attacker could achieve code execution through a RemoteControl server. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43202 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands v... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43203 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-44694 D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-44693 D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45386 In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabsp... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-5402 A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-44163 The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4897 Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43668 Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "auto... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45576 Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-720... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-30131 An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-30415 Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45577 Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.