Vulnerabilities (CVE)

Filtered by CWE-20
Total 11572 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-51931 1 Alanclarke 1 Urlite 2026-06-17 N/A 7.5 HIGH
An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function.
CVE-2023-51747 1 Apache 1 James 2026-06-17 N/A 7.1 HIGH
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks. The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction. We recommend James users to upgrade to non vulnerable versions.
CVE-2023-50733 2026-06-17 N/A 8.6 HIGH
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices.
CVE-2023-50694 1 Dom96 1 Httpbeast 2026-06-17 N/A 9.8 CRITICAL
An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component.
CVE-2023-50262 1 Dompdf Project 1 Dompdf 2026-06-17 N/A 5.3 MEDIUM
Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. php-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images. When Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 2.0.4 contains a fix for this issue.
CVE-2023-4698 1 Usememos 1 Memos 2026-06-17 N/A 7.5 HIGH
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-4680 1 Hashicorp 1 Vault 2026-06-17 N/A 6.8 MEDIUM
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
CVE-2023-4481 1 Juniper 2 Junos, Junos Os Evolved 2026-06-17 N/A 7.5 HIGH
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. Improper Input Validation, Denial of Service vulnerability in Juniper Networks, Inc. Junos OS (BGP, rpd modules), Juniper Networks, Inc. Junos OS Evolved (BGP, rpd modules) allows Fuzzing.This issue affects  Junos OS:  * All versions before 20.4R3-S10, * from 21.1R1 through 21.*, * from 21.2 before 21.2R3-S5, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S7 (unaffected from 21.4R3-S5, affected from 21.4R3-S6) * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * All versions before 20.4R3-S10-EVO, * from 21.2-EVO before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.
CVE-2023-4435 1 Hamza417 1 Inure 2026-06-17 N/A 5.5 MEDIUM
Improper Input Validation in GitHub repository hamza417/inure prior to build88.
CVE-2023-4357 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2026-06-17 N/A 8.8 HIGH
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-49958 1 Dallmann-consulting 1 Open Charge Point Protocol 2026-06-17 N/A 7.5 HIGH
An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity.
CVE-2023-49615 2026-06-17 N/A 7.5 HIGH
Improper input validation in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-49551 1 Cesanta 1 Mjs 2026-06-17 N/A 7.5 HIGH
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.
CVE-2023-49299 1 Apache 1 Dolphinscheduler 2026-06-17 N/A 8.8 HIGH
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue.
CVE-2023-49095 1 Nexryai 1 Nexkey 2026-06-17 N/A 8.6 HIGH
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.
CVE-2023-48693 1 Microsoft 1 Azure Rtos Threadx 2026-06-17 N/A 8.7 HIGH
Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-48608 1 Adobe 1 Experience Manager 2026-06-17 N/A 3.5 LOW
Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction.
CVE-2023-48425 1 Google 2 Chromecast, Chromecast Firmware 2026-06-17 N/A 9.8 CRITICAL
U-Boot vulnerability resulting in persistent Code Execution 
CVE-2023-48368 1 Intel 1 Media Sdk 2026-06-17 N/A 5.9 MEDIUM
Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-48354 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2026-06-17 N/A 5.5 MEDIUM
In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed