Total
4449 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44141 | 1 Inkdrop | 1 Inkdrop | 2024-11-21 | N/A | 7.8 HIGH |
| Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. | |||||
| CVE-2023-44011 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. | |||||
| CVE-2023-43955 | 1 Fedirtsapana | 1 Tv Bro | 2024-11-21 | N/A | 9.8 CRITICAL |
| The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData. | |||||
| CVE-2023-43792 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A | 9.8 CRITICAL |
| baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available. | |||||
| CVE-2023-43625 | 1 Siemens | 1 Simcenter Amesim | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. | |||||
| CVE-2023-43481 | 1 Tcl | 1 Browser Tv Web - Browsehere | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component. | |||||
| CVE-2023-43449 | 1 Hummerrisk | 1 Hummerrisk | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component. | |||||
| CVE-2023-43364 | 1 Arjunsharda | 1 Searchor | 2024-11-21 | N/A | 9.8 CRITICAL |
| main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution. | |||||
| CVE-2023-43352 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. | |||||
| CVE-2023-43301 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 8.2 HIGH |
| An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43270 | 1 Dst-admin Project | 1 Dst-admin | 2024-11-21 | N/A | 9.8 CRITICAL |
| dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. | |||||
| CVE-2023-43234 | 1 Dedebiz | 1 Dedebiz | 2024-11-21 | N/A | 9.8 CRITICAL |
| DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | |||||
| CVE-2023-43222 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A | 9.8 CRITICAL |
| SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | |||||
| CVE-2023-42890 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-42833 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-42658 | 1 Chef | 1 Inspec | 2024-11-21 | N/A | 8.8 HIGH |
| Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. | |||||
| CVE-2023-42471 | 1 Wave-ai | 1 Wave | 2024-11-21 | N/A | 9.8 CRITICAL |
| The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions). | |||||
| CVE-2023-42470 | 1 Imoulife | 1 Life | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs. | |||||
| CVE-2023-42374 | 1 Mystenlabs | 1 Sui | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. | |||||
| CVE-2023-41984 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | |||||