Vulnerabilities (CVE)

Total 298254 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-52239 1 Magicsoftware 1 Magic Xpi Integration Platform 2025-06-17 N/A 6.5 MEDIUM
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.
CVE-2023-52099 1 Huawei 2 Emui, Harmonyos 2025-06-17 N/A 7.5 HIGH
Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52068 1 Kodcloud 1 Kodbox 2025-06-17 N/A 6.1 MEDIUM
kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs.
CVE-2023-52027 1 Totolink 2 A3700r, A3700r Firmware 2025-06-17 N/A 9.8 CRITICAL
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.
CVE-2023-50974 1 Appwrite 1 Command Line Interface 2025-06-17 N/A 5.5 MEDIUM
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.
CVE-2023-50920 1 Gl-inet 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more 2025-06-17 N/A 5.5 MEDIUM
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
CVE-2023-50694 1 Dom96 1 Httpbeast 2025-06-17 N/A 9.8 CRITICAL
An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a maliciously crafted request due to insufficient parsing in the parser.nim component.
CVE-2023-50671 1 Aertherwide 1 Exiftags 2025-06-17 N/A 7.8 HIGH
In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address.
CVE-2023-50488 1 Blurams 2 Lumi Security Camera A31c, Lumi Security Camera A31c Firmware 2025-06-17 N/A 9.8 CRITICAL
An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code.
CVE-2023-50159 1 Scalefusion 1 Scalefusion 2025-06-17 N/A 8.8 HIGH
In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.
CVE-2023-50120 1 Gpac 1 Gpac 2025-06-17 N/A 5.5 MEDIUM
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVE-2023-50092 1 Apiida 1 Api Gateway Manager 2025-06-17 N/A 6.1 MEDIUM
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-50030 1 Joommasters 1 Jmssetting 2025-06-17 N/A 9.8 CRITICAL
In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a blind SQL injection.
CVE-2023-49950 1 Logpoint 1 Siem 2025-06-17 N/A 5.4 MEDIUM
The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure.
CVE-2023-49555 1 Yasm Project 1 Yasm 2025-06-17 N/A 5.5 MEDIUM
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.
CVE-2023-49238 1 Gradle 1 Enterprise 2025-06-17 N/A 9.8 CRITICAL
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.
CVE-2023-49101 1 Axigen 1 Axigen Mobile Webmail 2025-06-17 N/A 6.1 MEDIUM
WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates.
CVE-2023-48974 1 Axigen 1 Axigen Mail Server 2025-06-17 N/A 9.6 CRITICAL
Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.
CVE-2023-48135 1 Linecorp 1 Line 2025-06-17 N/A 5.4 MEDIUM
An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-48131 1 Linecorp 1 Line 2025-06-17 N/A 5.4 MEDIUM
An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.