Search

Search Results (364725 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-43849 1 Aten 2 Pe6208, Pe6208 Firmware 2025-05-30 6.5 Medium
Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution.
CVE-2025-44084 1 Dlink 2 Di-8100, Di-8100g Firmware 2025-05-30 9.8 Critical
D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system.
CVE-2023-51711 1 Regify 1 Regipay 2025-05-30 7.8 High
An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.
CVE-2023-41103 1 Interactsoftware 1 Interact 2025-05-30 5.4 Medium
Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.
CVE-2023-35792 1 Vound-software 1 Intella Connect 2025-05-30 5.4 Medium
Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).
CVE-2023-35791 1 Vound-software 1 Intella Connect 2025-05-30 6.1 Medium
Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.
CVE-2023-31223 1 Dradisframework 1 Dradis 2025-05-30 8.7 High
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.
CVE-2023-29505 1 Zohocorp 1 Manageengine Network Configuration Manager 2025-05-30 4.3 Medium
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.
CVE-2023-28152 1 Independentsoft 1 Jword 2025-05-30 5.3 Medium
An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2023-28151 1 Independentsoft 1 Jspreadsheet 2025-05-30 5.3 Medium
An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2023-28150 1 Independentsoft 1 Jodf 2025-05-30 5.3 Medium
An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2023-26098 1 Telindus 1 Apsal 2025-05-30 8.2 High
An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code.
CVE-2023-26097 1 Telindus 1 Apsal 2025-05-30 8.4 High
An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked.
CVE-2022-45167 1 Archibus 1 Archibus Web Central 2025-05-30 4.3 Medium
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users.
CVE-2022-45166 1 Archibus 1 Archibus Web Central 2025-05-30 6.5 Medium
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role.
CVE-2022-45165 1 Archibus 1 Web Central 2025-05-30 6.5 Medium
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection.
CVE-2022-45164 1 Archibus 1 Archibus Web Central 2025-05-30 4.3 Medium
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking
CVE-2022-38482 1 Mega 1 Hopex 2025-05-30 4.3 Medium
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.
CVE-2022-38481 1 Mega 1 Hopex 2025-05-30 6.1 Medium
An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in several features.
CVE-2022-37028 1 Iris 1 Isams 2025-05-30 5.4 Medium
ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application.