Vulnerabilities (CVE)

Filtered by CWE-20
Total 11597 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-29530 3 Fedoraproject, Getlaminas, Guzzlephp 3 Fedora, Laminas-diactoros, Psr-7 2026-06-17 N/A 7.5 HIGH
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, can cause an invalid message. This can lead to denial of service vectors or application errors. The problem has been patched in following versions 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1, and 2.25.1. As a workaround, validate HTTP header keys and/or values, and if using user-supplied values, filter them to strip off leading or trailing newline characters before calling `withHeader()`.
CVE-2023-29495 1 Intel 4 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 1 more 2026-06-17 N/A 7.5 HIGH
Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-29446 1 Ptc 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server 2026-06-17 N/A 4.7 MEDIUM
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.
CVE-2023-29410 1 Schneider-electric 6 Conext Gateway, Conext Gateway Firmware, Insightfacility and 3 more 2026-06-17 N/A 7.2 HIGH
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute.
CVE-2023-29371 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2026-06-17 N/A 7.8 HIGH
Windows GDI Elevation of Privilege Vulnerability
CVE-2023-29359 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2026-06-17 N/A 7.8 HIGH
GDI Elevation of Privilege Vulnerability
CVE-2023-29353 1 Microsoft 2 Sysinternals, Sysinternals Process Monitor 2026-06-17 N/A 5.5 MEDIUM
Sysinternals Process Monitor for Windows Denial of Service Vulnerability
CVE-2023-29335 1 Microsoft 16 365 Apps, Office, Office Long Term Servicing Channel and 13 more 2026-06-17 N/A 7.5 HIGH
Microsoft Word Security Feature Bypass Vulnerability
CVE-2023-29332 1 Microsoft 1 Azure Kubernetes Service 2026-06-17 N/A 7.5 HIGH
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
CVE-2023-29293 1 Adobe 2 Commerce, Magento 2026-06-17 N/A 2.7 LOW
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
CVE-2023-29255 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2026-06-17 N/A 7.5 HIGH
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.
CVE-2023-29246 1 Apache 1 Openmeetings 2026-06-17 N/A 7.2 HIGH
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
CVE-2023-29134 2026-06-17 N/A 8.6 HIGH
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit.
CVE-2023-28981 1 Juniper 2 Junos, Junos Os Evolved 2026-06-17 N/A 6.5 MEDIUM
An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to an rpd crash. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.
CVE-2023-28911 2026-06-17 N/A 6.5 MEDIUM
A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every connected client of the infotainment device. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
CVE-2023-28743 1 Intel 8 Nuc 9 Pro Compute Element Nuc9v7qnb, Nuc 9 Pro Compute Element Nuc9v7qnb Firmware, Nuc 9 Pro Compute Element Nuc9v7qnx and 5 more 2026-06-17 N/A 7.5 HIGH
Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-28738 1 Intel 12 Nuc 7 Essential Nuc7cjysamn, Nuc 7 Essential Nuc7cjysamn Firmware, Nuc Kit Nuc7cjyh and 9 more 2026-06-17 N/A 7.5 HIGH
Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-28710 1 Apache 1 Apache-airflow-providers-apache-spark 2026-06-17 N/A 7.5 HIGH
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1.
CVE-2023-28707 1 Apache 1 Apache-airflow-providers-apache-drill 2026-06-17 N/A 7.5 HIGH
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.
CVE-2023-28649 1 Snapone 2 Orvc, Ovrc-300-pro 2026-06-17 N/A 8.6 HIGH
The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.