Search Results (364158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24012 2026-04-15 8.2 High
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.
CVE-2023-41820 1 Motorola 1 Ready For 2026-04-15 5 Medium
An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices. 
CVE-2023-41821 2026-04-15 5 Medium
A an improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information. 
CVE-2023-24379 2026-04-15 6.8 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal.This issue affects Landing Page Builder – Free Landing Page Templates: from n/a through 3.1.9.9.
CVE-2023-41822 2026-04-15 4.8 Medium
An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. 
CVE-2023-41823 2026-04-15 4.4 Medium
An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities. 
CVE-2023-41824 2026-04-15 2.8 Low
An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data.
CVE-2023-41825 2026-04-15 2.8 Low
A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files. 
CVE-2023-24531 1 Gotoolchain 1 Cmd\/go 2026-04-15 9.8 Critical
Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out.
CVE-2023-41826 2026-04-15 5.1 Medium
A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without permission. 
CVE-2023-41827 2026-04-15 5.1 Medium
An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI.
CVE-2023-41828 2026-04-15 4.4 Medium
An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider.  
CVE-2023-25050 2026-04-15 7.1 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate: from n/a through 5.12.6.
CVE-2023-25199 2026-04-15 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser.
CVE-2023-25200 2026-04-15 4.7 Medium
An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser.
CVE-2023-25341 2026-04-15 6.5 Medium
A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests.
CVE-2023-25364 2026-04-15 6.1 Medium
Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks.
CVE-2023-25493 1 Lenovo 1 Bios 2026-04-15 6.7 Medium
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code.
CVE-2023-25494 2026-04-15 6.7 Medium
A potential vulnerability were reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables.
CVE-2023-25546 2026-04-15 2.5 Low
Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.