Search

Search Results (364870 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-50350 1 Hcltech 1 Dryice Myxalytics 2025-06-18 8.2 High
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information.
CVE-2023-50348 1 Hcltech 1 Dryice Myxalytics 2025-06-18 3.1 Low
HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc.
CVE-2023-50346 1 Hcltech 1 Dryice Myxalytics 2025-06-18 3.1 Low
HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information.
CVE-2023-50344 1 Hcltech 1 Dryice Myxalytics 2025-06-18 5.4 Medium
HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.
CVE-2023-50343 1 Hcltech 1 Dryice Myxalytics 2025-06-18 8.3 High
HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.
CVE-2023-50341 1 Hcltech 1 Dryice Myxalytics 2025-06-18 7.6 High
HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.
CVE-2023-50093 1 Apiida 1 Api Gateway Manager 2025-06-18 5.4 Medium
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.
CVE-2023-50020 1 Open5gs 1 Open5gs 2025-06-18 7.5 High
An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.
CVE-2023-49961 1 Wallix 2 Bastion, Bastion Access Manager 2025-06-18 7.5 High
WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.
CVE-2023-46929 1 Gpac 1 Gpac 2025-06-18 7.5 High
An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.
CVE-2023-45724 1 Hcltech 1 Dryice Myxalytics 2025-06-18 8.2 High
HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.
CVE-2023-45723 1 Hcltech 1 Dryice Myxalytics 2025-06-18 7.6 High
HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability.  Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server.
CVE-2023-42358 1 O-ran-sc 1 Ric-plt-e2mgr 2025-06-18 7.5 High
An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.
CVE-2023-39655 1 Perfood 1 Couchauth 2025-06-18 9.6 Critical
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords and take over their accounts.
CVE-2023-27739 1 Easyxdm 1 Easyxdm 2025-06-18 6.1 Medium
easyXDM 2.5 allows XSS via the xdm_e parameter.
CVE-2020-13880 1 Irfanview 1 B3d 2025-06-18 9.8 Critical
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.
CVE-2025-22980 1 Slims 1 Senayan Library Management System Bulian 2025-06-18 6.7 Medium
A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php.
CVE-2025-48915 1 Drupal 1 Cookies Consent Management 2025-06-18 8.6 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
CVE-2025-48914 1 Drupal 1 Cookies Consent Management 2025-06-18 8.6 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
CVE-2021-20450 1 Ibm 1 Cognos Controller 2025-06-18 4.3 Medium
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640.