CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-3034 Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44 | 4.7 | MEDIUM | — | 0 |
| CVE-2023-26134 Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flow... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-32623 Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-50738 A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-1295 A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileg... | 7.8 | HIGH | — | 0 |
| CVE-2023-30259 A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-34928 A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 7.5 | HIGH | — | 0 |
| CVE-2023-34929 A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 7.5 | HIGH | — | 0 |
| CVE-2023-34930 A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 7.5 | HIGH | — | 0 |
| CVE-2023-34931 A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 7.5 | HIGH | — | 0 |
| CVE-2023-34932 A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 7.5 | HIGH | — | 0 |
| CVE-2025-58620 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Stored XSS. This issue affects PDF for WPForms: ... | N/A | NONE | — | 0 |
| CVE-2023-36467 AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a us... | 8.0 | HIGH | — | 0 |
| CVE-2023-3445 Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1. | 4.8 | MEDIUM | — | 0 |
| CVE-2022-44276 In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-20006 A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 ... | 8.6 | HIGH | — | 0 |
| CVE-2023-20028 Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ES... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-20105 A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with Read-only cre... | 9.6 | CRITICAL | — | 0 |
| CVE-2023-20108 A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a... | 7.5 | HIGH | — | 0 |
| CVE-2023-20116 A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-20119 A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an una... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-34936 A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 7.5 | HIGH | — | 0 |
| CVE-2023-20120 Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ES... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-20136 A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator pr... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-20178 A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, l... | 7.8 | HIGH | — | 0 |
| CVE-2023-20188 A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-34937 A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 7.5 | HIGH | — | 0 |
| CVE-2023-20192 Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elev... | 9.6 | CRITICAL | — | 0 |
| CVE-2023-20199 A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerabil... | 6.2 | MEDIUM | — | 0 |
| CVE-2023-26615 D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password... | 7.5 | HIGH | — | 0 |
| CVE-2023-34933 A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 7.5 | HIGH | — | 0 |
| CVE-2023-34934 A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 7.5 | HIGH | — | 0 |
| CVE-2023-34935 A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 7.5 | HIGH | — | 0 |
| CVE-2023-21517 Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. | 8.8 | HIGH | — | 0 |
| CVE-2023-27866 IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-2625 A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulne... | 9.0 | CRITICAL | — | 0 |
| CVE-2022-20443 In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execut... | 7.8 | HIGH | — | 0 |
| CVE-2023-21066 In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User intera... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-21146 There is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploita... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-21147 In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges need... | 7.8 | HIGH | — | 0 |
| CVE-2023-21148 In BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with System execution privileges needed... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-58621 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amuse Labs PuzzleMe for WordPress puzzleme allows Stored XSS. This issue affects PuzzleMe for WordP... | N/A | NONE | — | 0 |
| CVE-2023-21149 In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of pri... | 7.8 | HIGH | — | 0 |
| CVE-2023-21150 In handle_set_parameters_ctrl of hal_socket.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-21151 In the Google BMS kernel module, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User i... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-21152 In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User e... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-21153 In Do_AIMS_SET_CALL_WAITING of imsservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges n... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-21154 In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileg... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-21155 In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privil... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-21156 In BuildGetRadioNode of protocolmiscbulider.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the modem with System exe... | 4.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.