Attacker Value
Unknown

CVE-2023-37287

Disclosure Date: July 10, 2023 (last updated July 10, 2023)
SmartBPM.NET uses a hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access the system with regular user privileges, read application data, and execute submission and approval processes.
Attacker Value
Unknown

CVE-2023-37288

Disclosure Date: July 10, 2023 (last updated July 10, 2023)
A SmartBPM.NET component has a path traversal vulnerability in its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.
Attacker Value
Unknown

CVE-2023-37286

Disclosure Date: July 10, 2023 (last updated July 10, 2023)
SmartSoft SmartBPM.NET uses a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send a serialized payload to the server to execute arbitrary code and disrupt service.
Attacker Value
Unknown

CVE-2023-32222

Disclosure Date: June 28, 2023 (last updated June 28, 2023)
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.
Attacker Value
Unknown

CVE-2023-32224

Disclosure Date: June 28, 2023 (last updated June 28, 2023)
D-Link DSL-224 firmware version 3.0.10 is affected by CWE-307: Improper Restriction of Excessive Authentication Attempts.
Attacker Value
Unknown

CVE-2023-32223

Disclosure Date: June 28, 2023 (last updated June 28, 2023)
D-Link DSL-224 firmware version 3.0.10 allows post-authentication command execution via an unspecified method.
Attacker Value
Unknown

CVE-2023-20199

Disclosure Date: June 21, 2023 (last updated June 28, 2023)
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission.
Attacker Value
Unknown

CVE-2023-0026

Disclosure Date: June 21, 2023 (last updated July 17, 2023)
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This …
Attacker Value
Unknown

CVE-2023-20119

Disclosure Date: June 21, 2023 (last updated July 12, 2023)
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA), could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Attacker Value
Unknown

CVE-2023-20120

Disclosure Date: June 21, 2023 (last updated June 28, 2023)
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.