Total
29699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40023 | 1 Yaklang | 1 Yaklang | 2024-11-21 | 6.5 Medium |
| yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. Users unable to upgrade may avoid exposing vulnerable versions to untrusted input and closely monitor any unexpected server behavior until they can upgrade. | ||||
| CVE-2023-3786 | 1 Aures | 2 Komet, Komet Firmware | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability. | ||||
| CVE-2023-3643 | 1 Carel | 2 Boss Mini, Boss Mini Firmware | 2024-11-21 | 7.3 High |
| A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability. | ||||
| CVE-2023-3580 | 1 Squidex.io | 1 Squidex | 2024-11-21 | 4.3 Medium |
| Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. | ||||
| CVE-2023-3574 | 1 Pimcore | 2 Customer-data-framework, Customer Management Framework | 2024-11-21 | 6.5 Medium |
| Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. | ||||
| CVE-2023-3518 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.4 High |
| HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1. | ||||
| CVE-2023-3517 | 1 Hitachi | 1 Pentaho Data Integration And Analytics | 2024-11-21 | 8.5 High |
| Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x, do not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources. | ||||
| CVE-2023-3405 | 1 M-files | 1 M-files Server | 2024-11-21 | 7.5 High |
| Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows an anonymous user to cause denial of service. | ||||
| CVE-2023-3374 | 1 Bookreen | 1 Bookreen | 2024-11-21 | 9.8 Critical |
| Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0. | ||||
| CVE-2023-3304 | 1 Admidio | 1 Admidio | 2024-11-21 | 5.4 Medium |
| Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | ||||
| CVE-2023-3266 | 1 Cyberpower | 1 Powerpanel Server | 2024-11-21 | 9.8 Critical |
| A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully. | ||||
| CVE-2023-3265 | 1 Cyberpower | 1 Powerpanel Server | 2024-11-21 | 9.8 Critical |
| An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to log in to the application with the default user "cyberpower" by appending a non-printable character. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPanel Enterprise as an administrator with hardcoded default credentials. | ||||
| CVE-2023-3253 | 1 Tenable | 1 Nessus | 2024-11-21 | 4.3 Medium |
| An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. | ||||
| CVE-2023-3099 | 1 Ubuntukylin | 1 Youker-assistant | 2024-11-21 | 4.4 Medium |
| A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3037 | 1 Helpdezk | 1 Helpdezk | 2024-11-21 | 8.6 High |
| Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter. | ||||
| CVE-2023-39909 | 1 Ericsson | 1 Network Manager | 2024-11-21 | 8.8 High |
| Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. | ||||
| CVE-2023-39743 | 1 Pete4abw | 1 Lzma Software Development Kit | 2024-11-21 | 5.3 Medium |
| lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. | ||||
| CVE-2023-39445 | 2 Elecom, Logitec | 15 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware, Wrc-1467ghbk-s and 12 more | 2024-11-21 | 8.8 High |
| Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to a certain management console of the product. | ||||
| CVE-2023-39406 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart. | ||||
| CVE-2023-39259 | 1 Dell | 1 Os Recovery Tool | 2024-11-21 | 7.3 High |
| Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | ||||