Search

Search Results (363296 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-36553 1 Fortinet 1 Fortisiem 2025-12-16 9.3 Critical
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests.
CVE-2023-42788 1 Fortinet 2 Fortianalyzer, Fortimanager 2025-12-16 7.6 High
An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command
CVE-2023-23583 3 Debian, Intel, Netapp 443 Debian Linux, Core I3-1005g1, Core I3-1005g1 Firmware and 440 more 2025-12-16 8.8 High
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
CVE-2023-46850 3 Debian, Fedoraproject, Openvpn 4 Debian Linux, Fedora, Openvpn and 1 more 2025-12-16 9.8 Critical
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
CVE-2023-46590 1 Siemens 1 Siemens Opc Ua Modeling Editor 2025-12-16 7.5 High
A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from a XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary files in the system.
CVE-2023-46214 1 Splunk 3 Cloud, Splunk, Splunk Enterprise 2025-12-16 8 High
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
CVE-2023-33303 1 Fortinet 1 Fortiedr 2025-12-16 7.7 High
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request
CVE-2023-33119 1 Qualcomm 324 Aqt1000, Aqt1000 Firmware, Ar8035 and 321 more 2025-12-16 8.4 High
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
CVE-2023-33074 1 Qualcomm 120 Qam8255p, Qam8255p Firmware, Qam8295p and 117 more 2025-12-16 8.4 High
Memory corruption in Audio when SSR event is triggered after music playback is stopped.
CVE-2023-33059 1 Qualcomm 518 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 515 more 2025-12-16 7.8 High
Memory corruption in Audio while processing the VOC packet data from ADSP.
CVE-2023-33055 1 Qualcomm 304 Apq5053-aa, Apq5053-aa Firmware, Aqt1000 and 301 more 2025-12-16 7.8 High
Memory Corruption in Audio while invoking callback function in driver from ADSP.
CVE-2023-33031 1 Qualcomm 330 Apq5053-aa, Apq5053-aa Firmware, Apq8009 and 327 more 2025-12-16 7.8 High
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
CVE-2023-41841 1 Fortinet 1 Fortios 2025-12-16 7.4 High
An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions.
CVE-2023-41840 1 Fortinet 1 Forticlient 2025-12-16 7.4 High
A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.
CVE-2023-41715 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2025-12-16 8.8 High
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
CVE-2023-41679 1 Fortinet 1 Fortimanager 2025-12-16 7.7 High
An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs
CVE-2023-34991 1 Fortinet 1 Fortiwlm 2025-12-16 9.3 Critical
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request.
CVE-2023-34984 1 Fortinet 1 Fortiweb 2025-12-16 7.1 High
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
CVE-2023-34060 1 Vmware 2 Cloud Director, Photon Os 2025-12-16 9.8 Critical
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5).
CVE-2023-20254 1 Cisco 2 Catalyst Sd-wan Manager, Sd-wan Manager 2025-12-16 7.2 High
A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition.