Export limit exceeded: 363303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-48270 3 Level1, Level One, Realtek 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more 2025-11-04 7.2 High
A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-47856 3 Level1, Level One, Realtek 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more 2025-11-04 7.2 High
A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-47677 3 Level1, Level One, Realtek 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more 2025-11-04 8.8 High
A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2023-47212 3 Fedoraproject, Nothings, Stb Vorbis Project 3 Fedora, Stb Vorbis.c, Stb Vorbis 2025-11-04 9.8 Critical
A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2023-47166 1 Milesight 2 Ur32l, Ur32l Firmware 2025-11-04 8.8 High
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability.
CVE-2023-46685 3 Level1, Level One, Realtek 4 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 1 more 2025-11-04 9.8 Critical
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution.
CVE-2023-45742 3 Level1, Level One, Realtek 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more 2025-11-04 7.2 High
An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-45362 1 Mediawiki 1 Mediawiki 2025-11-04 4.3 Medium
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
CVE-2023-45360 1 Mediawiki 1 Mediawiki 2025-11-04 5.4 Medium
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
CVE-2023-45215 3 Level1, Level One, Realtek 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more 2025-11-04 7.2 High
A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-43665 3 Djangoproject, Fedoraproject, Redhat 6 Django, Fedora, Ansible Automation Platform and 3 more 2025-11-04 7.5 High
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
CVE-2023-41251 3 Level1, Level One, Realtek 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more 2025-11-04 7.2 High
A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2023-41164 3 Djangoproject, Fedoraproject, Redhat 6 Django, Fedora, Ansible Automation Platform and 3 more 2025-11-04 7.5 High
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
CVE-2023-36617 2 Redhat, Ruby-lang 2 Enterprise Linux, Uri 2025-11-04 5.3 Medium
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
CVE-2023-36308 1 Disintegration 1 Imaging 2025-11-04 5.5 Medium
disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence
CVE-2023-36053 4 Debian, Djangoproject, Fedoraproject and 1 more 8 Debian Linux, Django, Fedora and 5 more 2025-11-04 7.5 High
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
CVE-2023-34435 3 Level1, Level One, Realtek 5 Wbr-6013, Wbr-6013 Firmware, Wbr6013 and 2 more 2025-11-04 7.2 High
A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2023-29483 5 Dnspython, Eventlet, Fedoraproject and 2 more 9 Dnspython, Eventlet, Fedora and 6 more 2025-11-04 7 High
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
CVE-2023-28755 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Enterprise Linux and 2 more 2025-11-04 5.3 Medium
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
CVE-2022-48258 1 Eternal Terminal Project 1 Eternal Terminal 2025-11-04 5.3 Medium
In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles.