Total
299933 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49950 | 1 Logpoint | 1 Siem | 2025-06-17 | N/A | 5.4 MEDIUM |
| The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure. | |||||
| CVE-2023-49555 | 1 Yasm Project | 1 Yasm | 2025-06-17 | N/A | 5.5 MEDIUM |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. | |||||
| CVE-2023-49238 | 1 Gradle | 1 Enterprise | 2025-06-17 | N/A | 9.8 CRITICAL |
| In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in. | |||||
| CVE-2023-49101 | 1 Axigen | 1 Axigen Mobile Webmail | 2025-06-17 | N/A | 6.1 MEDIUM |
| WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates. | |||||
| CVE-2023-48974 | 1 Axigen | 1 Axigen Mail Server | 2025-06-17 | N/A | 9.6 CRITICAL |
| Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | |||||
| CVE-2023-48135 | 1 Linecorp | 1 Line | 2025-06-17 | N/A | 5.4 MEDIUM |
| An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-48131 | 1 Linecorp | 1 Line | 2025-06-17 | N/A | 5.4 MEDIUM |
| An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-46892 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2025-06-17 | N/A | 8.8 HIGH |
| The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature). | |||||
| CVE-2023-46889 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2025-06-17 | N/A | 5.7 MEDIUM |
| Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it. | |||||
| CVE-2023-46835 | 1 Xen | 1 Xen | 2025-06-17 | N/A | 5.5 MEDIUM |
| The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will setup page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignment, possibly leading to data leaks. | |||||
| CVE-2023-43898 | 1 Nothings | 1 Stb Image.h | 2025-06-17 | N/A | 5.5 MEDIUM |
| Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. | |||||
| CVE-2023-41987 | 1 Apple | 1 Macos | 2025-06-17 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | |||||
| CVE-2023-41619 | 1 Emlog | 1 Emlog | 2025-06-17 | N/A | 6.1 MEDIUM |
| Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write. | |||||
| CVE-2023-41603 | 1 Dlink | 2 R15, R15 Firmware | 2025-06-17 | N/A | 5.3 MEDIUM |
| D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. | |||||
| CVE-2023-41069 | 1 Apple | 2 Ipados, Iphone Os | 2025-06-17 | N/A | 5.5 MEDIUM |
| This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID. | |||||
| CVE-2023-40830 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. | |||||
| CVE-2023-33760 | 1 Splicecom | 1 Maximiser Soft Pbx | 2025-06-17 | N/A | 5.3 MEDIUM |
| SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack. | |||||
| CVE-2023-33295 | 1 Cohesity | 1 Cohesity Dataplatform | 2025-06-17 | N/A | 6.5 MEDIUM |
| Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have a incorrect access control vulnerability due to a lack of TLS Certificate Validation. | |||||
| CVE-2024-33121 | 1 Roothub | 1 Roothub | 2025-06-17 | N/A | 6.3 MEDIUM |
| Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function. | |||||
| CVE-2024-46540 | 1 Emlog | 1 Emlog | 2025-06-17 | N/A | 6.3 MEDIUM |
| A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system privileges. | |||||