Total
298254 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52239 | 1 Magicsoftware | 1 Magic Xpi Integration Platform | 2025-06-17 | N/A | 6.5 MEDIUM |
| The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport. | |||||
| CVE-2023-52099 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-17 | N/A | 7.5 HIGH |
| Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-52068 | 1 Kodcloud | 1 Kodbox | 2025-06-17 | N/A | 6.1 MEDIUM |
| kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs. | |||||
| CVE-2023-52027 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. | |||||
| CVE-2023-50974 | 1 Appwrite | 1 Command Line Interface | 2025-06-17 | N/A | 5.5 MEDIUM |
| In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials. | |||||
| CVE-2023-50920 | 1 Gl-inet | 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more | 2025-06-17 | N/A | 5.5 MEDIUM |
| An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | |||||
| CVE-2023-50694 | 1 Dom96 | 1 Httpbeast | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component. | |||||
| CVE-2023-50671 | 1 Aertherwide | 1 Exiftags | 2025-06-17 | N/A | 7.8 HIGH |
| In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address. | |||||
| CVE-2023-50488 | 1 Blurams | 2 Lumi Security Camera A31c, Lumi Security Camera A31c Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. | |||||
| CVE-2023-50159 | 1 Scalefusion | 1 Scalefusion | 2025-06-17 | N/A | 8.8 HIGH |
| In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. | |||||
| CVE-2023-50120 | 1 Gpac | 1 Gpac | 2025-06-17 | N/A | 5.5 MEDIUM |
| MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | |||||
| CVE-2023-50092 | 1 Apiida | 1 Api Gateway Manager | 2025-06-17 | N/A | 6.1 MEDIUM |
| APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2023-50030 | 1 Joommasters | 1 Jmssetting | 2025-06-17 | N/A | 9.8 CRITICAL |
| In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection. | |||||
| CVE-2023-49950 | 1 Logpoint | 1 Siem | 2025-06-17 | N/A | 5.4 MEDIUM |
| The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure. | |||||
| CVE-2023-49555 | 1 Yasm Project | 1 Yasm | 2025-06-17 | N/A | 5.5 MEDIUM |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. | |||||
| CVE-2023-49238 | 1 Gradle | 1 Enterprise | 2025-06-17 | N/A | 9.8 CRITICAL |
| In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in. | |||||
| CVE-2023-49101 | 1 Axigen | 1 Axigen Mobile Webmail | 2025-06-17 | N/A | 6.1 MEDIUM |
| WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates. | |||||
| CVE-2023-48974 | 1 Axigen | 1 Axigen Mail Server | 2025-06-17 | N/A | 9.6 CRITICAL |
| Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | |||||
| CVE-2023-48135 | 1 Linecorp | 1 Line | 2025-06-17 | N/A | 5.4 MEDIUM |
| An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-48131 | 1 Linecorp | 1 Line | 2025-06-17 | N/A | 5.4 MEDIUM |
| An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||