U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CVSS Version: 3
  • CVSS V3 Severity: Critical (9-10)
There are 23,738 matching records.
Displaying matches 3,541 through 3,560.
Vuln ID Summary CVSS Severity
CVE-2023-34832

TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.

Published: June 16, 2023; 2:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-34659

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.

Published: June 16, 2023; 2:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-25366

In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.

Published: June 16, 2023; 12:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-35782

The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.

Published: June 16, 2023; 11:15:09 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-34548

Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.

Published: June 16, 2023; 11:15:09 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-48472

A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include:BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta,BiSheng-WNM FW 3.0.0.325,BiSheng-WNM FW 2.0.0.211.

Published: June 16, 2023; 9:15:09 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-35708

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).

Published: June 16, 2023; 12:15:14 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-32754

Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.

Published: June 16, 2023; 12:15:13 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-32753

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

Published: June 16, 2023; 12:15:13 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-32752

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

Published: June 16, 2023; 12:15:13 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-2080

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.

Published: June 15, 2023; 7:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-34800

D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main.

Published: June 15, 2023; 5:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-34852

PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.

Published: June 15, 2023; 4:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-31672

In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.

Published: June 15, 2023; 4:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-2686

Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.

Published: June 15, 2023; 3:15:11 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-21130

In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002

Published: June 15, 2023; 3:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2021-0945

In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: June 15, 2023; 3:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2021-0701

In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: June 15, 2023; 3:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-34880

cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion.

Published: June 15, 2023; 1:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-3275

A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability.

Published: June 15, 2023; 9:15:09 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)