CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD

| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-4420 A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the commu... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39801 A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) via supplying crafted WMA files when connecting ... | 4.6 | MEDIUM | — | 0 |
| CVE-2023-32077 Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is p... | 7.5 | HIGH | — | 0 |
| CVE-2023-32078 Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another use... | 7.5 | HIGH | — | 0 |
| CVE-2023-32079 Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. ... | 8.8 | HIGH | — | 0 |
| CVE-2023-37469 CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbit... | 8.8 | HIGH | — | 0 |
| CVE-2023-38508 Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to version... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-39519 Cloud Explorer Lite is an open source cloud management platform. Prior to version 1.4.0, there is a risk of sensitive information leakage in the user information acquisition of CloudExplorer Lite. The... | 7.5 | HIGH | — | 0 |
| CVE-2023-39521 Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to version... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-40017 GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly prot... | 7.5 | HIGH | — | 0 |
| CVE-2023-40022 Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow ch... | 7.8 | HIGH | — | 0 |
| CVE-2023-40030 Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-4508 A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-39699 IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or exec... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39700 IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-40179 Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our dat... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-40182 Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending on whether the specified email add... | 3.7 | LOW | — | 0 |
| CVE-2023-40570 Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible lo... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-40577 Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute ... | 7.5 | HIGH | — | 0 |
| CVE-2023-40599 Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition.... | 7.5 | HIGH | — | 0 |
| CVE-2023-32577 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-40530 Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access ... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-32755 e-Excellence U-Office Force generates an error message in website service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted c... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-32756 e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary... | 7.5 | HIGH | — | 0 |
| CVE-2023-32757 e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging in to the service can exploit this vulnerability... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-32518 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-32576 Auth. (subscriber+) Stored Cross-Site Scripting vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-32591 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25649 There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerabi... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-25981 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-4478 Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost wit... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-24394 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-32575 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-32595 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2025-58815 Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection. This issue affects Aitasi Coming Soon: from n/a through <= 2.0.2. | N/A | NONE | — | 0 |
| CVE-2023-32596 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-32598 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-32603 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-32797 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-41248 In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration | 4.6 | MEDIUM | — | 0 |
| CVE-2023-41249 In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step | 4.6 | MEDIUM | — | 0 |
| CVE-2023-41250 In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration | 3.5 | LOW | — | 0 |
| CVE-2023-39742 giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-41167 @webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an op... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-4452 Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: ... | 8.8 | HIGH | — | 0 |
| CVE-2023-40799 Tenda AC23 v16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-40800 The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. | 8.8 | HIGH | — | 0 |
| CVE-2023-40801 The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn | 8.8 | HIGH | — | 0 |
| CVE-2023-40802 The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn | 6.5 | MEDIUM | — | 0 |
| CVE-2023-40915 Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid pa... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.