Total
31907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6139 | 1 G5plus | 1 Essential Real Estate | 2025-06-03 | N/A | 6.5 MEDIUM |
| The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks. | |||||
| CVE-2023-6042 | 1 Motopress | 1 Getwid | 2025-06-03 | N/A | 7.5 HIGH |
| Any unauthenticated user may send e-mail from the site with any title or content to the admin | |||||
| CVE-2023-52271 | 1 Topazevolution | 1 Antifraud | 2025-06-03 | N/A | 6.5 MEDIUM |
| The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time). | |||||
| CVE-2023-52031 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-03 | N/A | 9.8 CRITICAL |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. | |||||
| CVE-2023-51277 | 1 Tinowagner | 1 Jupyter Notebook Viewer | 2025-06-03 | N/A | 9.8 CRITICAL |
| nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. | |||||
| CVE-2023-50643 | 1 Evernote | 1 Evernote | 2025-06-03 | N/A | 9.8 CRITICAL |
| An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. | |||||
| CVE-2023-50090 | 1 Ureport2 Project | 1 Ureport2 | 2025-06-03 | N/A | 9.8 CRITICAL |
| Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request. | |||||
| CVE-2023-49558 | 1 Yasm Project | 1 Yasm | 2025-06-03 | N/A | 5.5 MEDIUM |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. | |||||
| CVE-2023-49556 | 1 Yasm Project | 1 Yasm | 2025-06-03 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | |||||
| CVE-2023-49553 | 1 Cesanta | 1 Mjs | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | |||||
| CVE-2023-46836 | 1 Xen | 1 Xen | 2025-06-03 | N/A | 4.7 MEDIUM |
| The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen. | |||||
| CVE-2023-45559 | 1 Linecorp | 1 Line | 2025-06-03 | N/A | 8.2 HIGH |
| An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | |||||
| CVE-2023-42933 | 1 Apple | 1 Macos | 2025-06-03 | N/A | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges. | |||||
| CVE-2023-42872 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-06-03 | N/A | 5.5 MEDIUM |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data. | |||||
| CVE-2023-42866 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-06-03 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-42831 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user. | |||||
| CVE-2023-42828 | 1 Apple | 1 Macos | 2025-06-03 | N/A | 7.8 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges. | |||||
| CVE-2023-40529 | 1 Apple | 2 Ipados, Iphone Os | 2025-06-03 | N/A | 2.4 LOW |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information. | |||||
| CVE-2023-40437 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | |||||
| CVE-2023-40433 | 1 Apple | 1 Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. | |||||