Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1270 | 1 Btcpayserver | 1 Btcpayserver | 2023-03-14 | N/A | 5.4 MEDIUM |
Command Injection in GitHub repository btcpayserver/btcpayserver prior to 1.8.3. | |||||
CVE-2023-25395 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-03-14 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection vulnerability. | |||||
CVE-2023-23776 | 1 Fortinet | 1 Fortianalyzer | 2023-03-14 | N/A | 3.1 LOW |
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer | |||||
CVE-2023-25223 | 1 Crmeb | 1 Crmeb | 2023-03-14 | N/A | 7.2 HIGH |
CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. | |||||
CVE-2023-25230 | 1 Loonflow Project | 1 Loonflow | 2023-03-14 | N/A | 4.9 MEDIUM |
loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF). | |||||
CVE-2023-25605 | 1 Fortinet | 1 Fortisoar | 2023-03-14 | N/A | 7.2 HIGH |
An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. | |||||
CVE-2023-25611 | 1 Fortinet | 1 Fortianalyzer | 2023-03-14 | N/A | 7.3 HIGH |
An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands by inserting spreadsheet formulas in macro names. | |||||
CVE-2023-24775 | 1 Funadmin | 1 Funadmin | 2023-03-14 | N/A | 9.8 CRITICAL |
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php. | |||||
CVE-2023-0083 | 1 Openharmony | 1 Openharmony | 2023-03-14 | N/A | 5.5 MEDIUM |
The ArkUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, and OpenHarmony-v3.0.7 and prior versions, has an Improper Input Validation vulnerability that local attackers can exploit to send malicious data, causing the current application to crash. | |||||
CVE-2023-1269 | 1 Easyappointments | 1 Easyappointments | 2023-03-14 | N/A | 9.8 CRITICAL |
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
CVE-2023-22301 | 1 Openharmony | 1 Openharmony | 2023-03-14 | N/A | 7.5 HIGH |
The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory access vulnerability that network attackers can exploit remotely to obtain kernel memory data of the target system. | |||||
CVE-2023-24465 | 1 Openharmony | 1 Openharmony | 2023-03-14 | N/A | 5.5 MEDIUM |
The Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, and OpenHarmony-v3.0.7 and prior versions, has a null pointer reference vulnerability that local attackers can exploit to cause the current application to crash. | |||||
CVE-2023-22436 | 1 Openharmony | 1 Openharmony | 2023-03-14 | N/A | 7.8 HIGH |
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has a UAF vulnerability that local attackers can exploit to escalate privileges to root. | |||||
CVE-2023-25947 | 1 Openharmony | 1 Openharmony | 2023-03-14 | N/A | 5.5 MEDIUM |
The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability that local attackers can exploit to cause a DoS attack on the system when a malicious HAP package is installed. | |||||
CVE-2023-23638 | 1 Apache | 1 Dubbo | 2023-03-14 | N/A | 9.8 CRITICAL |
A deserialization vulnerability exists in Dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions. | |||||
CVE-2023-0330 | 1 Qemu | 1 Qemu | 2023-03-14 | N/A | 9.8 CRITICAL |
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | |||||
CVE-2023-27891 | 1 Rami | 1 Pretix | 2023-03-14 | N/A | 7.5 HIGH |
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1. | |||||
CVE-2017-20181 | 1 Vocable Trainer Project | 1 Vocable Trainer | 2023-03-14 | N/A | 5.5 MEDIUM |
A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328. | |||||
CVE-2023-25358 | 1 Webkitgtk | 1 Webkitgtk | 2023-03-14 | N/A | 9.8 CRITICAL |
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | |||||
CVE-2023-25360 | 1 Webkitgtk | 1 Webkitgtk | 2023-03-14 | N/A | 9.8 CRITICAL |
A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. |