Vulnerabilities (CVE)

Filtered by CWE-20
Total 11598 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24937 1 Microsoft 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more 2026-06-17 N/A 6.5 MEDIUM
Windows CryptoAPI Denial of Service Vulnerability
CVE-2023-24893 1 Microsoft 1 Visual Studio Code 2026-06-17 N/A 7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-24866 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2026-06-17 N/A 6.5 MEDIUM
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24865 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2026-06-17 N/A 6.5 MEDIUM
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24856 1 Microsoft 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more 2026-06-17 N/A 7.5 HIGH
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24579 1 Mcafee 1 Total Protection 2026-06-17 N/A 5.5 MEDIUM
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.
CVE-2023-24571 1 Dell 2 Embedded Box Pc 3000, Embedded Box Pc 3000 Firmware 2026-06-17 N/A 7.5 HIGH
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.
CVE-2023-24569 1 Dell 1 Alienware Command Center 2026-06-17 N/A 7.8 HIGH
Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.
CVE-2023-24493 1 Tenable 1 Tenable.sc 2026-06-17 N/A 5.7 MEDIUM
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.
CVE-2023-24463 1 Intel 1 Thunderbolt Dch Driver 2026-06-17 N/A 4.3 MEDIUM
Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2023-24329 3 Fedoraproject, Netapp, Python 6 Fedora, Active Iq Unified Manager, Management Services For Element Software and 3 more 2026-06-17 N/A 7.5 HIGH
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
CVE-2023-24304 1 Irfanview 1 Irfanview 2026-06-17 N/A 7.8 HIGH
Improper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbitrary code via opening a crafted PDF file.
CVE-2023-24062 1 Dieboldnixdorf 1 Vynamic Security Suite 2026-06-17 N/A 6.8 MEDIUM
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
CVE-2023-24033 1 Samsung 10 Exynos 1080, Exynos 1080 Firmware, Exynos 980 and 7 more 2026-06-17 N/A 7.5 HIGH
The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service.
CVE-2023-23934 1 Palletsprojects 1 Werkzeug 2026-06-17 N/A 2.6 LOW
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
CVE-2023-23754 1 Joomla 1 Joomla\! 2026-06-17 N/A 6.1 MEDIUM
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.
CVE-2023-23560 1 Lexmark 256 B2236, B2236 Firmware, B2338 and 253 more 2026-06-17 N/A 9.8 CRITICAL
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.
CVE-2023-23419 1 Microsoft 1 Windows 11 22h2 2026-06-17 N/A 7.8 HIGH
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2023-23416 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2026-06-17 N/A 7.8 HIGH
Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2023-23409 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2026-06-17 N/A 5.5 MEDIUM
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability