Total: 4913 CVEs
| CVE | Vendor | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2023-49313 | Horsicq | Xmachoviewer | 2024-11-21 | 9.8 Critical | A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting it, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data. |
| CVE-2023-49093 | Htmlunit | Htmlunit | 2024-11-21 | 9.8 Critical | HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT when browsing the attacker's web page. This vulnerability has been patched in version 3.9.0. |
| CVE-2023-49004 | Dlink | Dir-850l, Dir-850l Firmware | 2024-11-21 | 9.8 Critical | An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. |
| CVE-2023-49001 | Indibrowser | Indi Browser | 2024-11-21 | 9.8 Critical | An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. |
| CVE-2023-49000 | Artistscope | Artisbrowser | 2024-11-21 | 9.8 Critical | An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. NOTE: this is disputed by the vendor, who indicates that ArtisBrowser 34 does not support CSS3. |
| CVE-2023-48699 | Ubertidavide | Fastbots | 2024-11-21 | 8.4 High | fastbots is a library for fast bot and scraper development using Selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker who could modify the locators.ini locator file could insert Python code that was executed without validation, leading to remote code execution. The vulnerable code is the function `def __locator__(self, locator_name: str)` in `page.py`. To mitigate this issue, upgrade to fastbots version 0.1.5 or later. |
| CVE-2023-48390 | Multisuns | Easylog Web+, Easylog Web+ Firmware | 2024-11-21 | 9.8 Critical | Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service. |
| CVE-2023-48226 | Openreplay | Openreplay | 2024-11-21 | 6.5 Medium | OpenReplay is a self-hosted session replay suite. In version 1.14.0, the Name field in Account Settings is not validated (the same field is validated correctly during registration), so a bad actor can send emails containing injected HTML to victims, for example for phishing. The email really is sent by OpenReplay, but its content can be spoofed with the injected HTML. Although the Full Name field cannot be tampered with during registration, the Account Settings path bypasses that validation. As of the time of publication, no known fixes or workarounds are available. |
| CVE-2023-48217 | Statamic | Statamic | 2024-11-21 | 8.8 High | Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of MIME type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Malicious users could leverage this vulnerability to upload and execute code. This issue has been patched in versions 3.4.14 and 4.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2023-48192 | Totolink | A3700r, A3700r Firmware | 2024-11-21 | 7.8 High | An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. |
| CVE-2023-47883 | Vladymix | Tv Browser | 2024-11-21 | 9.8 Critical | The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. |
| CVE-2023-47840 | Qodeinteractive | Qode Essential Addons | 2024-11-21 | 9.9 Critical | Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.5.2. |
| CVE-2023-47444 | Opencart | Opencart | 2024-11-21 | 8.8 High | An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users with the common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. |
| CVE-2023-47397 | Webidsupport | Webid | 2024-11-21 | 9.8 Critical | WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. |
| CVE-2023-47003 | Redislabs | Redisgraph | 2024-11-21 | 9.8 Critical | An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. |
| CVE-2023-46987 | Seacms | Seacms | 2024-11-21 | 8.8 High | SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. |
| CVE-2023-46980 | Mayurik | Best Courier Management System | 2024-11-21 | 9.8 Critical | An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. |
| CVE-2023-46958 | Lmxcms | Lmxcms | 2024-11-21 | 9.8 Critical | An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. |
| CVE-2023-46947 | Intelliants | Subrion | 2024-11-21 | 8.8 High | Subrion 4.2.1 has a remote command execution vulnerability in the backend. |
| CVE-2023-46865 | Craterapp | Crater | 2024-11-21 | 7.2 High | /api/v1/company/upload-logo in CompanyController.php in Crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing the code in an image/png IDAT chunk of a Company Logo image. |
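The fastbots entry (CVE-2023-48699) describes a locator file whose values were executed as Python. The following is an added example, not fastbots' own code: it reconstructs the pattern with a constructed locators.ini, shows that an `eval()`-based loader runs whatever the file contains, and sets a hardened loader beside it that accepts only a literal `("strategy", "selector")` tuple checked against an allowlist. The INI layout, the tuple shape and the `SIDE_EFFECTS` marker are assumptions made for the demonstration.

```python
import ast
import configparser
from typing import Dict, Tuple

# Observable side effect: the vulnerable loader appends to this list while
# "loading" a locator, which proves that file-controlled code ran.
SIDE_EFFECTS = []

# Constructed sample locators.ini (assumed layout, not the project's file).
# The 'submit' value is an attacker edit: it runs code, then yields a
# plausible locator so the bot keeps working and nobody notices.
TAMPERED_INI = """
[login_page]
username = ("id", "user")
password = ("name", "pass")
submit = SIDE_EFFECTS.append("pwned") or ("xpath", "//button[@type='submit']")
"""

CLEAN_INI = """
[login_page]
username = ("id", "user")
password = ("name", "pass")
submit = ("xpath", "//button[@type='submit']")
"""

# Selenium's By.* strategy strings, used as an allowlist.
ALLOWED_STRATEGIES = {
    "id", "name", "xpath", "css selector", "class name",
    "link text", "partial link text", "tag name",
}

Locator = Tuple[str, str]


def load_locators_unsafe(ini_text: str, page: str) -> Dict[str, Locator]:
    """Vulnerable pattern: every value goes through eval(), so whoever can
    edit the locator file runs arbitrary Python inside the bot's process."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    return {name: eval(value) for name, value in cfg[page].items()}  # noqa: S307


def load_locators_safe(ini_text: str, page: str) -> Dict[str, Locator]:
    """Hardened loader: ast.literal_eval accepts only literals (no calls,
    attribute access or names), then the result is checked for the
    (strategy, selector) shape and the strategy allowlist."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    locators: Dict[str, Locator] = {}
    for name, value in cfg[page].items():
        try:
            parsed = ast.literal_eval(value.strip())
        except (ValueError, SyntaxError) as exc:
            raise ValueError(f"{page}.{name}: not a literal locator") from exc
        if (not isinstance(parsed, tuple) or len(parsed) != 2
                or not all(isinstance(p, str) for p in parsed)):
            raise ValueError(f"{page}.{name}: expected ('strategy', 'selector')")
        strategy, selector = parsed
        if strategy not in ALLOWED_STRATEGIES:
            raise ValueError(f"{page}.{name}: unknown strategy {strategy!r}")
        if not selector:
            raise ValueError(f"{page}.{name}: empty selector")
        locators[name] = (strategy, selector)
    return locators


def safe_loader_rejects(ini_text: str, page: str) -> bool:
    """True if the hardened loader refuses the file."""
    try:
        load_locators_safe(ini_text, page)
    except ValueError:
        return True
    return False
```

Loading the tampered file through `load_locators_unsafe` leaves `"pwned"` in `SIDE_EFFECTS` while still returning a valid-looking locator; `load_locators_safe` rejects the same file and accepts the clean one. Treat any locator or page-object config that a scraper reads as untrusted input, especially when it lives in a shared repository or a writable deployment directory.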
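Three Android entries above (Indi Browser CVE-2023-49001, ArtisBrowser CVE-2023-49000, TV Browser CVE-2023-47883) come down to a component that other apps can reach with an intent. The following is an added example, not any of those apps' code, of the manifest audit a reviewer runs first: it parses a constructed AndroidManifest.xml for a hypothetical browser app and lists every component that is reachable from outside, applying the platform rule that an explicit `android:exported` wins and that, when it is absent, a component with an intent-filter is exported and one without is not. The package and component names are invented for the sample.

```python
import xml.etree.ElementTree as ET
from typing import List, Tuple

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"

# Constructed sample manifest for a hypothetical app (not any real product's
# manifest). It mixes the cases the audit must tell apart.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.browser">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".WebViewActivity" android:exported="true"/>
    <activity android:name=".IntentReceiverActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <data android:scheme="http"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <receiver android:name=".BootReceiver" android:exported="true"
              android:permission="android.permission.RECEIVE_BOOT_COMPLETED"/>
  </application>
</manifest>
"""


def _attr(el: ET.Element, name: str):
    """Read an attribute from the android: namespace."""
    return el.get(f"{{{ANDROID_NS}}}{name}")


def audit_exported_components(manifest_xml: str) -> List[Tuple[str, str]]:
    """Return (component name, reason) for every component reachable from
    other apps that is neither the launcher entry nor guarded by a
    permission. Exported status: explicit android:exported wins; otherwise a
    component with an intent-filter is exported and one without is not
    (the implicit default before targetSdk 31)."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for tag in COMPONENT_TAGS:
        for comp in root.iter(tag):
            name = _attr(comp, "name") or "<unnamed>"
            declared = _attr(comp, "exported")
            filters = comp.findall("intent-filter")
            is_launcher = any(
                _attr(cat, "name") == LAUNCHER_CATEGORY
                for f in filters for cat in f.findall("category"))
            exported = bool(filters) if declared is None else declared == "true"
            if not exported or is_launcher:
                continue
            if _attr(comp, "permission"):
                continue  # callers must hold a permission; review separately
            if declared is None:
                reason = "implicitly exported: intent-filter present, android:exported not declared"
            elif filters:
                reason = "explicitly exported with an intent-filter"
            else:
                reason = 'android:exported="true" with no intent-filter: reachable by explicit intent'
            findings.append((name, reason))
    return findings
```

On the sample, `.WebViewActivity` (exported for no visible reason) and `.IntentReceiverActivity` (exported only by the implicit rule) are reported; the launcher activity and the permission-guarded receiver are not. A launcher activity is exported by necessity, which is the TV Browser situation: the audit cannot see how it handles intent extras, so an exported activity must treat every extra it reads (a URL, a script, a flag) as untrusted input rather than load it into a WebView as-is.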