Total
2182 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46661 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests. | |||||
| CVE-2023-46510 | 1 Zioncom | 2 A7000r, A7000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function. | |||||
| CVE-2023-46509 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | |||||
| CVE-2023-46501 | 1 Boltwire | 1 Boltwire | 2024-11-21 | N/A | 9.1 CRITICAL |
| An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function. | |||||
| CVE-2023-46498 | 1 Evershop | 1 Evershop | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. | |||||
| CVE-2023-46404 | 1 Utoronto | 1 Pcrs | 2024-11-21 | N/A | 9.9 CRITICAL |
| PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. | |||||
| CVE-2023-46322 | 1 Iterm2 | 1 Iterm2 | 2024-11-21 | N/A | 9.8 CRITICAL |
| iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period. | |||||
| CVE-2023-46321 | 1 Iterm2 | 1 Iterm2 | 2024-11-21 | N/A | 9.8 CRITICAL |
| iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line. | |||||
| CVE-2023-46266 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | |||||
| CVE-2023-46116 | 1 Tuta | 1 Tutanota | 2024-11-21 | N/A | 9.3 CRITICAL |
| Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the `file:` URL scheme, which can be used by malicious actors to gain code execution on a victims computer, however fails to check other harmful schemes such as `ftp:`, `smb:`, etc. which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim's computer. Version 3.118.2 contains a patch for this issue. | |||||
| CVE-2023-46042 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). | |||||
| CVE-2023-46010 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | |||||
| CVE-2023-45894 | 1 Parallels | 1 Remote Application Server | 2024-11-21 | N/A | 10.0 CRITICAL |
| The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques. | |||||
| CVE-2023-45887 | 1 Nintendo | 1 Ds Wireless Communication | 2024-11-21 | N/A | 9.8 CRITICAL |
| DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message. | |||||
| CVE-2023-45239 | 2 Facebook, Fedoraproject | 2 Tac Plus, Fedora | 2024-11-21 | N/A | 9.8 CRITICAL |
| A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. | |||||
| CVE-2023-45132 | 1 Wargio | 1 Naxsi | 2024-11-21 | N/A | 9.1 CRITICAL |
| NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged to allow older NGINX versions to also support `IgnoreIP` `IgnoreCIDR` when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any `IgnoreIP` `IgnoreCIDR` for older versions. | |||||
| CVE-2023-44809 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. | |||||
| CVE-2023-44794 | 2 Dromara, Vmware | 3 Sa-token, Spring Boot, Spring Framework | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. | |||||
| CVE-2023-44467 | 1 Langchain | 1 Langchain Experimental | 2024-11-21 | N/A | 9.8 CRITICAL |
| langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py. | |||||
| CVE-2023-44172 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A | 9.8 CRITICAL |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. | |||||