CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-5407 Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-46228 zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c. | 7.8 | HIGH | — | 0 |
| CVE-2023-46229 LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | 8.8 | HIGH | — | 0 |
| CVE-2023-34050 In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of da... | 5.0 | MEDIUM | — | 0 |
| CVE-2023-25753 There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve correspondin... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-24400 A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero. | 7.5 | HIGH | — | 0 |
| CVE-2022-24401 Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast b... | 8.8 | HIGH | — | 0 |
| CVE-2022-24402 The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficie... | 8.8 | HIGH | — | 0 |
| CVE-2022-25333 The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the... | 8.2 | HIGH | — | 0 |
| CVE-2022-25334 The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A mod... | 8.2 | HIGH | — | 0 |
| CVE-2022-26941 A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anythin... | 9.6 | CRITICAL | — | 0 |
| CVE-2022-26942 The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the o... | 8.2 | HIGH | — | 0 |
| CVE-2022-26943 The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the p... | 8.8 | HIGH | — | 0 |
| CVE-2022-27813 Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to en... | 8.1 | HIGH | — | 0 |
| CVE-2023-46227 Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are ... | 7.5 | HIGH | — | 0 |
| CVE-2022-37830 Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). | 9.6 | CRITICAL | — | 0 |
| CVE-2023-43252 XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file. | 7.8 | HIGH | — | 0 |
| CVE-2023-45379 In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45384 KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" (supercheckout), a guest... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27795 An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key. | 7.8 | HIGH | — | 0 |
| CVE-2023-45883 A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM ... | 7.8 | HIGH | — | 0 |
| CVE-2023-31046 A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-35180 The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API. | 8.0 | HIGH | — | 0 |
| CVE-2023-35181 The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation. | 7.8 | HIGH | — | 0 |
| CVE-2023-35182 The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server. | 8.8 | HIGH | — | 0 |
| CVE-2023-35183 The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation. | 7.8 | HIGH | — | 0 |
| CVE-2025-57929 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kanwei_doublethedonation Double the Donation double-the-donation allows Stored XSS. This issue affe... | N/A | NONE | — | 0 |
| CVE-2023-35184 The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code ... | 8.8 | HIGH | — | 0 |
| CVE-2023-35186 The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execut... | 8.0 | HIGH | — | 0 |
| CVE-2023-35187 The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | 8.8 | HIGH | — | 0 |
| CVE-2023-43251 XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | 7.8 | HIGH | — | 0 |
| CVE-2023-46042 An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). | 9.8 | CRITICAL | — | 0 |
| CVE-2023-5654 The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-47583 Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46033 D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal witho... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-35126 An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a ... | 7.8 | HIGH | — | 0 |
| CVE-2023-45277 Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigat... | 7.5 | HIGH | — | 0 |
| CVE-2023-45278 Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-45281 An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-30131 An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-35986 Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execu... | 7.8 | HIGH | — | 0 |
| CVE-2023-38128 An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corrup... | 7.8 | HIGH | — | 0 |
| CVE-2023-39431 Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute ar... | 7.8 | HIGH | — | 0 |
| CVE-2023-5059 Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to exec... | 7.8 | HIGH | — | 0 |
| CVE-2023-40153 The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary JavaScript by injecting an XSS payload ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-41088 The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to t... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-41089 The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, si... | 8.0 | HIGH | — | 0 |
| CVE-2023-42435 The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-43986 DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45381 In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup()`. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.