Total
29907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51544 | 1 Metagauss | 1 Registrationmagic | 2026-06-17 | N/A | 5.3 MEDIUM |
| Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0. | |||||
| CVE-2023-51074 | 1 Json-path | 1 Jayway Jsonpath | 2026-06-17 | N/A | 5.3 MEDIUM |
| json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. | |||||
| CVE-2023-51071 | 1 Qstar | 1 Archive Storage Manager | 2026-06-17 | N/A | 6.5 MEDIUM |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link. | |||||
| CVE-2023-51070 | 1 Qstar | 1 Archive Storage Manager | 2026-06-17 | N/A | 7.5 HIGH |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. | |||||
| CVE-2023-51065 | 1 Qstar | 1 Archive Storage Manager | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server. | |||||
| CVE-2023-50959 | 1 Ibm | 1 Cloud Pak For Business Automation | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. | |||||
| CVE-2023-50954 | 1 Ibm | 1 Infosphere Information Server | 2026-06-17 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776. | |||||
| CVE-2023-50871 | 1 Jetbrains | 1 Youtrack | 2026-06-17 | N/A | 4.3 MEDIUM |
| In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed | |||||
| CVE-2023-50708 | 1 Yiiframework | 1 Yii2-authclient | 2026-06-17 | N/A | 6.1 MEDIUM |
| yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available. | |||||
| CVE-2023-50706 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2026-06-17 | N/A | 4.1 MEDIUM |
| A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. | |||||
| CVE-2023-50559 | 1 Openxiangshan | 1 Xiangshan | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache. | |||||
| CVE-2023-50477 | 1 Nos | 1 Nos Client | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js. | |||||
| CVE-2023-50344 | 1 Hcltech | 1 Dryice Myxalytics | 2026-06-17 | N/A | 5.4 MEDIUM |
| HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. | |||||
| CVE-2023-50343 | 1 Hcltech | 1 Dryice Myxalytics | 2026-06-17 | N/A | 8.3 HIGH |
| HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users. | |||||
| CVE-2023-50341 | 1 Hcltech | 1 Dryice Myxalytics | 2026-06-17 | N/A | 7.6 HIGH |
| HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint. | |||||
| CVE-2023-50333 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 3.7 LOW |
| Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. | |||||
| CVE-2023-50332 | 1 Weseek | 1 Growi | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention. | |||||
| CVE-2023-50315 | 1 Ibm | 1 Websphere Application Server | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714. | |||||
| CVE-2023-50314 | 1 Ibm | 1 Websphere Application Server | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713. | |||||
| CVE-2023-50082 | 1 Pbootcms | 1 Pbootcms | 2026-06-17 | N/A | 7.5 HIGH |
| Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform. | |||||