Search Results (364170 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-1604 2 Kaizencoders, Wordpress 2 Short Url, Wordpress 2026-04-15 4.7 Medium
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page function. This makes it possible for unauthenticated attackers to add and import redirects, including comments containing cross-site scripting as detailed in CVE-2023-1602, granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-20512 2026-04-15 1.9 Low
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.
CVE-2023-20513 2026-04-15 3.3 Low
An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service.
CVE-2023-1973 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus 2026-04-15 7.5 High
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
CVE-2023-20125 1 Cisco 1 Broadworks Network Server 2026-04-15 8.6 High
A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending a high rate of TCP connections to the server. A successful exploit could allow the attacker to cause TCP connection resources to grow rapidly until the Cisco BroadWorks Network Server becomes unusable. Note: To recover from this vulnerability, either Cisco BroadWorks Network Server software must be restarted or the Cisco BroadWorks Network Server node must be rebooted. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2023-20507 2026-04-15 2.3 Low
An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity.
CVE-2023-20508 2026-04-15 5 Medium
Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.
CVE-2023-20509 2026-04-15 5.2 Medium
An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity.
CVE-2023-20514 1 Amd 7 Radeon Pro V620, Radeon Pro V710, Radeon Pro Vii and 4 more 2026-04-15 N/A
Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution
CVE-2023-20515 2026-04-15 5.7 Medium
Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.
CVE-2023-20516 1 Amd 7 Instinct Mi210, Instinct Mi250, Radeon and 4 more 2026-04-15 3.3 Low
Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity.
CVE-2023-20518 2026-04-15 1.9 Low
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
CVE-2023-20601 1 Amd 2 Radeon Pro Vii, Radeon Vii 2026-04-15 N/A
Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition.
CVE-2023-20581 2026-04-15 2.5 Low
Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity.
CVE-2023-20582 2026-04-15 5.3 Medium
Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.
CVE-2023-20587 2026-04-15 7.1 High
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.
CVE-2023-20599 2026-04-15 7.9 High
Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading to loss of integrity or confidentiality.
CVE-2023-41923 2026-04-15 7.2 High
The user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords.
CVE-2023-22351 1 Ieisystem 1 Uefi Firmware 2026-04-15 6.1 Medium
Out-of-bounds write in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-22650 1 Suse 1 Rancher 2026-04-15 8.8 High
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable.