Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27172 | 1 Xpand-it | 1 Write-back Manager | 2024-01-02 | N/A | 9.1 CRITICAL |
| Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack. | |||||
| CVE-2023-45887 | 1 Nintendo | 1 Ds Wireless Communication | 2024-01-02 | N/A | 9.8 CRITICAL |
| DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message. | |||||
| CVE-2023-6895 | 1 Hikvision | 30 Ds-kd-bk, Ds-kd-dis, Ds-kd-e and 27 more | 2024-01-02 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability. | |||||
| CVE-2020-1595 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-31 | 6.5 MEDIUM | 9.9 CRITICAL |
| A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input. The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data. | |||||
| CVE-2020-1210 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-31 | 6.5 MEDIUM | 9.9 CRITICAL |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages. | |||||
| CVE-2020-17051 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-31 | 10.0 HIGH | 9.8 CRITICAL |
| Windows Network File System Remote Code Execution Vulnerability | |||||
| CVE-2023-51102 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet. | |||||
| CVE-2023-51101 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. | |||||
| CVE-2023-51100 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo. | |||||
| CVE-2023-51099 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand. | |||||
| CVE-2023-51098 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo. | |||||
| CVE-2023-51097 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing. | |||||
| CVE-2023-51094 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | |||||
| CVE-2023-51093 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo. | |||||
| CVE-2023-51092 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. | |||||
| CVE-2023-51091 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler. | |||||
| CVE-2023-51090 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig. | |||||
| CVE-2023-51095 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. | |||||
| CVE-2023-7111 | 1 Fabianros | 1 Library Management System | 2023-12-30 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7097 | 1 Fabianros | 1 Water Billing System | 2023-12-30 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248949 was assigned to this vulnerability. | |||||
| CVE-2023-7096 | 1 Carmelogarcia | 1 Faculty Management System | 2023-12-30 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Faculty Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/php/crud.php. The manipulation of the argument fieldname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248948. | |||||
| CVE-2023-49752 | 1 Spoonthemes | 1 Adifier | 2023-12-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme. This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4. | |||||
| CVE-2020-17142 | 1 Microsoft | 1 Exchange Server | 2023-12-30 | 6.5 MEDIUM | 9.1 CRITICAL |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2020-17132 | 1 Microsoft | 1 Exchange Server | 2023-12-30 | 6.5 MEDIUM | 9.1 CRITICAL |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2021-24094 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||
| CVE-2021-24078 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2021-24077 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Windows Fax Service Remote Code Execution Vulnerability | |||||
| CVE-2021-24074 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||
| CVE-2021-26897 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-29 | 10.0 HIGH | 9.8 CRITICAL |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26895 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-29 | 10.0 HIGH | 9.8 CRITICAL |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26894 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-29 | 10.0 HIGH | 9.8 CRITICAL |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26893 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26877 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26867 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-29 | 7.2 HIGH | 9.9 CRITICAL |
| Windows Hyper-V Remote Code Execution Vulnerability | |||||
| CVE-2023-51033 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | |||||
| CVE-2023-51028 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | |||||
| CVE-2023-50147 | 1 Totolink | 2 A3700r, A3700r Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. | |||||
| CVE-2023-49677 | 1 Kashipara | 1 Job Portal | 2023-12-29 | N/A | 9.8 CRITICAL |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-42017 | 1 Ibm | 1 Planning Analytics | 2023-12-29 | N/A | 9.8 CRITICAL |
| IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. | |||||
| CVE-2023-49070 | 1 Apache | 1 Ofbiz | 2023-12-29 | N/A | 9.8 CRITICAL |
| Pre-auth RCE in Apache Ofbiz 18.12.09. It is due to the no-longer-maintained XML-RPC component still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10. | |||||
| CVE-2021-27080 | 1 Microsoft | 1 Azure Sphere | 2023-12-29 | 7.2 HIGH | 9.3 CRITICAL |
| Azure Sphere Unsigned Code Execution Vulnerability | |||||
| CVE-2021-27078 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 6.5 MEDIUM | 9.1 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26855 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 7.5 HIGH | 9.1 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26412 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 6.5 MEDIUM | 9.1 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-50993 | 1 Ruijie | 4 Rg-ws6008, Rg-ws6008 Firmware, Rg-ws6108 and 1 more | 2023-12-29 | N/A | 9.8 CRITICAL |
| Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles. | |||||
| CVE-2023-49776 | 1 Dmry | 1 Sayfa Sayac | 2023-12-29 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. | |||||
| CVE-2023-50475 | 1 Bcoin | 1 Bcoin | 2023-12-29 | N/A | 9.1 CRITICAL |
| An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js. | |||||
| CVE-2023-51655 | 1 Jetbrains | 1 Intellij Idea | 2023-12-29 | N/A | 9.8 CRITICAL |
| In JetBrains IntelliJ IDEA before 2023.3.2, code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration. | |||||
| CVE-2023-50477 | 1 Nos | 1 Nos Client | 2023-12-29 | N/A | 9.8 CRITICAL |
| An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js. | |||||
| CVE-2023-6975 | 1 Lfprojects | 1 Mlflow | 2023-12-29 | N/A | 9.8 CRITICAL |
| A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. | |||||
