Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 25575 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4169 1 Ruijie 2 Rg-ew1200g, Rg-ew1200g Firmware 2024-03-21 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4168 1 Templatecookie 1 Adlisting 2024-03-21 4.0 MEDIUM 7.5 HIGH
A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-49610 1 Machinesense 2 Feverwarn, Feverwarn Firmware 2024-03-21 N/A 8.1 HIGH
MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.
CVE-2023-49102 1 Nzbget 1 Nzbget 2024-03-21 N/A 8.8 HIGH
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-46033 1 Dlink 4 Dsl-2730u, Dsl-2730u Firmware, Dsl-2750u and 1 more 2024-03-21 N/A 6.8 MEDIUM
D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control.
CVE-2023-3243 1 Honeywell 2 Alerton Bcm-web, Alerton Bcm-web Firmware 2024-03-21 N/A 9.8 CRITICAL
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. 
CVE-2023-3231 1 Ujcms 1 Ujcms 2024-03-21 2.1 LOW 6.5 MEDIUM
A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability.
CVE-2023-35866 1 Keepassxc 1 Keepassxc 2024-03-21 N/A 5.5 MEDIUM
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker."
CVE-2023-35042 1 Geoserver 1 Geoserver 2024-03-21 N/A 9.8 CRITICAL
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
CVE-2023-34257 1 Bmc 1 Patrol Agent 2024-03-21 N/A 9.8 CRITICAL
An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication."
CVE-2023-33796 1 Netbox 1 Netbox 2024-03-21 N/A 9.1 CRITICAL
A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.
CVE-2023-2979 1 Abstrium 1 Pydio Cells 2024-03-21 5.8 MEDIUM 8.8 HIGH
A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211.
CVE-2023-2926 1 Seacms 1 Seacms 2024-03-21 5.5 MEDIUM 6.5 MEDIUM
A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability.
CVE-2023-2874 2 Filseclab, Microsoft 2 Twister Antivirus, Windows 2024-03-21 4.6 MEDIUM 5.5 MEDIUM
A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-2670 1 Oretnom23 1 Lost And Found Information System 2024-03-21 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability.
CVE-2023-2646 1 Tp-link 2 Archer C7, Archer C7 Firmware 2024-03-21 5.0 MEDIUM 6.5 MEDIUM
A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-29218 1 Twitter 1 Recommendation Algorithm 2024-03-21 N/A 7.5 HIGH
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023. NOTE: Vendor states that allowing users to unfollow, mute, block, and report tweets and accounts and the impact of these negative engagements on Twitter’s ranking algorithm is a conscious design decision, rather than a security vulnerability.
CVE-2023-27974 1 Bitwarden 1 Bitwarden 2024-03-21 N/A 7.5 HIGH
Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default.
CVE-2023-24676 1 Processwire 1 Processwire 2024-03-21 N/A 7.2 HIGH
An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code.
CVE-2023-24069 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2024-03-21 N/A 3.3 LOW
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.