Total
3676 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43270 | 1 Dst-admin Project | 1 Dst-admin | 2024-11-21 | N/A | 9.8 CRITICAL |
| dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. | |||||
| CVE-2023-43234 | 1 Dedebiz | 1 Dedebiz | 2024-11-21 | N/A | 9.8 CRITICAL |
| DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | |||||
| CVE-2023-43222 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A | 9.8 CRITICAL |
| SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | |||||
| CVE-2023-42890 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-42833 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-42658 | 1 Chef | 1 Inspec | 2024-11-21 | N/A | 8.8 HIGH |
| Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. | |||||
| CVE-2023-42471 | 1 Wave-ai | 1 Wave | 2024-11-21 | N/A | 9.8 CRITICAL |
| The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions). | |||||
| CVE-2023-42470 | 1 Imoulife | 1 Life | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs. | |||||
| CVE-2023-42374 | 1 Mystenlabs | 1 Sui | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. | |||||
| CVE-2023-41984 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-41898 | 1 Home-assistant | 1 Home Assistant Companion | 2024-11-21 | N/A | 8.6 HIGH |
| Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`. | |||||
| CVE-2023-41892 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 10.0 CRITICAL |
| Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15. | |||||
| CVE-2023-41783 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-11-21 | N/A | 4.3 MEDIUM |
| There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. | |||||
| CVE-2023-41724 | 1 Ivanti | 1 Standalone Sentry | 2024-11-21 | N/A | 8.8 HIGH |
| A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. | |||||
| CVE-2023-41630 | 1 Esst | 1 Esst Monitoring | 2024-11-21 | N/A | 9.8 CRITICAL |
| eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component. | |||||
| CVE-2023-41544 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL |
| SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. | |||||
| CVE-2023-41503 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function. | |||||
| CVE-2023-41450 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | |||||
| CVE-2023-41444 | 2 Binalyze, Microsoft | 2 Irec, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. | |||||
| CVE-2023-41362 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A | 7.2 HIGH |
| MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP. | |||||