Export limit exceeded: 365419 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-50275 1 Hp 1 Oneview 2025-06-20 7.5 High
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
CVE-2023-49329 1 Anomali 1 Match 2025-06-20 7.2 High
Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3.
CVE-2023-48359 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-06-20 4.4 Medium
In autotest driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed
CVE-2023-48358 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-06-20 4.4 Medium
In drm driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-48357 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-06-20 4.4 Medium
In vsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-48356 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-06-20 4.4 Medium
In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-48355 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-06-20 4.4 Medium
In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-48354 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-06-20 5.5 Medium
In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-48353 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-06-20 4.4 Medium
In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed
CVE-2023-48118 1 Quest-analytics 1 Iqcrm 2025-06-20 9.8 Critical
SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page.
CVE-2023-47195 1 Trendmicro 1 Apex One 2025-06-20 7.8 High
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47196.
CVE-2023-47193 1 Trendmicro 1 Apex One 2025-06-20 7.8 High
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47194.
CVE-2023-46447 1 Popsdiabetes 1 Rebel 2025-06-20 4.3 Medium
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.
CVE-2023-46351 1 Mypresta 1 Manufacturers \(brands\) Images Block 2025-06-20 9.8 Critical
In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
CVE-2023-42144 1 Shelly 2 Trv, Trv Firmware 2025-06-20 5.5 Medium
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password.
CVE-2023-41176 1 Trendmicro 1 Mobile Security 2025-06-20 6.1 Medium
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177.
CVE-2023-27859 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Db2 and 4 more 2025-06-20 6.5 Medium
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.
CVE-2021-42141 1 Contiki-ng 1 Tinydtls 2025-06-20 7.5 High
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.
CVE-2021-31314 1 Ejinshan 1 Terminal Security System 2025-06-20 9.8 Critical
File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server.
CVE-2020-36771 1 Cloudlinux 1 Cagefs 2025-06-20 7.8 High
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.