Total
2182 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49093 | 1 Htmlunit | 1 Htmlunit | 2024-11-21 | N/A | 9.8 CRITICAL |
| HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0 | |||||
| CVE-2023-49060 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 9.8 CRITICAL |
| An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. | |||||
| CVE-2023-48799 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. | |||||
| CVE-2023-48659 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing. | |||||
| CVE-2023-48658 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. | |||||
| CVE-2023-48657 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters. | |||||
| CVE-2023-48656 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. | |||||
| CVE-2023-48655 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. | |||||
| CVE-2023-48654 | 1 Oneidentity | 1 Password Manager | 2024-11-21 | N/A | 9.8 CRITICAL |
| One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. | |||||
| CVE-2023-48424 | 1 Google | 2 Chromecast, Chromecast Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| U-Boot shell vulnerability resulting in Privilege escalation in a production device | |||||
| CVE-2023-48194 | 1 Tenda | 2 Ac8v4, Ac8v4 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained. | |||||
| CVE-2023-48193 | 1 Fit2cloud | 1 Jumpserver | 2024-11-21 | N/A | 9.8 CRITICAL |
| Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files. | |||||
| CVE-2023-48176 | 1 Mizhexiaoxiao | 1 Websiteguide | 2024-11-21 | N/A | 9.8 CRITICAL |
| An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token). | |||||
| CVE-2023-47503 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. | |||||
| CVE-2023-47418 | 1 Zoneland | 1 O2oa | 2024-11-21 | N/A | 9.8 CRITICAL |
| Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript. | |||||
| CVE-2023-47261 | 1 Dokmee | 1 Enterprise Content Management | 2024-11-21 | N/A | 9.8 CRITICAL |
| Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled. | |||||
| CVE-2023-47110 | 1 Prestashop | 1 Customer Reassurance Block | 2024-11-21 | N/A | 9.1 CRITICAL |
| blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4. | |||||
| CVE-2023-46980 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. | |||||
| CVE-2023-46958 | 1 Lmxcms | 1 Lmxcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. | |||||
| CVE-2023-46665 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges. | |||||