Export limit exceeded: 17153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0853 | 1 Haxx | 1 Curl | 2025-06-20 | 5.3 Medium |
| curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check. | ||||
| CVE-2024-0813 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | 8.8 High |
| Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) | ||||
| CVE-2023-7089 | 1 Benjaminzekavica | 1 Easy Svg Support | 2025-06-20 | 5.4 Medium |
| The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||
| CVE-2023-6390 | 1 Jonathonkemp | 1 Wordpress Users | 2025-06-20 | 8.8 High |
| The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||
| CVE-2023-6389 | 1 Abhinavsingh | 1 Wordpress Toolbar | 2025-06-20 | 6.1 Medium |
| The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | ||||
| CVE-2023-6278 | 1 Biteship | 1 Biteship | 2025-06-20 | 6.1 Medium |
| The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-51887 | 1 Ctan | 1 Mathtex | 2025-06-20 | 9.8 Critical |
| Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL. | ||||
| CVE-2023-51839 | 1 Devicefarmer | 1 Smartphone Test Farm | 2025-06-20 | 9.1 Critical |
| DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm. | ||||
| CVE-2023-51820 | 1 Blurams | 2 Lumi Security Camera A31c, Lumi Security Camera A31c Firmware | 2025-06-20 | 6.8 Medium |
| An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. | ||||
| CVE-2023-51813 | 1 Free And Open Source Inventory Management System Project | 1 Free And Open Source Inventory Management System | 2025-06-20 | 6.5 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php component. | ||||
| CVE-2023-48132 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-48129 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-47355 | 1 Eyuepcanyilmaz | 1 Root Quick Reboot | 2025-06-20 | 7.5 High |
| The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation. | ||||
| CVE-2023-43997 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43996 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43995 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43992 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43317 | 1 Coign | 1 Coign | 2025-06-20 | 8.8 High |
| An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component. | ||||
| CVE-2023-38319 | 1 Opennds | 1 Opennds | 2025-06-20 | 9.8 Critical |
| An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | ||||
| CVE-2023-38318 | 1 Opennds | 1 Opennds | 2025-06-20 | 9.8 Critical |
| An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | ||||