Total
29908 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3265 | 1 Cyberpower | 1 Powerpanel Server | 2026-06-17 | N/A | 9.8 CRITICAL |
| An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials. | |||||
| CVE-2023-3253 | 1 Tenable | 1 Nessus | 2026-06-17 | N/A | 4.3 MEDIUM |
| An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. | |||||
| CVE-2023-3228 | 1 Fossbilling | 1 Fossbilling | 2026-06-17 | N/A | 5.7 MEDIUM |
| Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. | |||||
| CVE-2023-3181 | 2 Microsoft, Splashtop | 6 Windows, Mirroring360 Receiver, Mirroring360 Sender and 3 more | 2026-06-17 | N/A | 7.8 HIGH |
| The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. | |||||
| CVE-2023-3115 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories. | |||||
| CVE-2023-3099 | 1 Ubuntukylin | 1 Youker-assistant | 2026-06-17 | 3.2 LOW | 4.4 MEDIUM |
| A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3096 | 1 Kylinos | 1 Kylin-software-properties | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3037 | 1 Helpdezk | 1 Helpdezk | 2026-06-17 | N/A | 8.6 HIGH |
| Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter. | |||||
| CVE-2023-39948 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2026-06-17 | N/A | 7.5 HIGH |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue. | |||||
| CVE-2023-39945 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2026-06-17 | N/A | 8.2 HIGH |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. | |||||
| CVE-2023-39909 | 1 Ericsson | 1 Network Manager | 2026-06-17 | N/A | 8.8 HIGH |
| Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. | |||||
| CVE-2023-39743 | 1 Pete4abw | 1 Lzma Software Development Kit | 2026-06-17 | N/A | 5.3 MEDIUM |
| lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. | |||||
| CVE-2023-39508 | 1 Apache | 1 Airflow | 2026-06-17 | N/A | 8.8 HIGH |
| Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0 This issue affects Apache Airflow: before 2.6.0. | |||||
| CVE-2023-39505 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2026-06-17 | N/A | 5.5 MEDIUM |
| PDF-XChange Editor Net.HTTP.requests Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Net.HTTP.requests method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to disclose information in the context of the current user. Was ZDI-CAN-20211. | |||||
| CVE-2023-39501 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2026-06-17 | N/A | 7.8 HIGH |
| PDF-XChange Editor OXPS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20034. | |||||
| CVE-2023-39495 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2026-06-17 | N/A | 5.5 MEDIUM |
| PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the readFileIntoStream method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to disclose information in the context of the current user. Was ZDI-CAN-19657. | |||||
| CVE-2023-39493 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2026-06-17 | N/A | 7.8 HIGH |
| PDF-XChange Editor exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsText method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19649. | |||||
| CVE-2023-39470 | 1 Papercut | 1 Papercut Ng | 2026-06-17 | N/A | 7.2 HIGH |
| PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965. | |||||
| CVE-2023-39445 | 1 Elecom | 14 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware, Wrc-1467ghbk-s and 11 more | 2026-06-17 | N/A | 8.8 HIGH |
| Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. | |||||
| CVE-2023-39406 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.5 HIGH |
| Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart. | |||||