206205 matches found

RedhatCVE | added 2026/01/09 12:31 p.m. | 9 views

CVE-2023-40431

The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges...

CVSS 7.8 | AI score 7 | EPSS 0.00288 | Exploits 0 | References 1

RedhatCVE | added 2026/01/09 12:30 p.m. | 7 views

CVE-2023-40396

The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges...

CVSS 7.8 | AI score 6.9 | EPSS 0.00221 | Exploits 0 | References 1

RedhatCVE | added 2026/01/09 12:30 p.m. | 5 views

CVE-2023-40446

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps...

CVSS 7.8 | AI score 7 | EPSS 0.00262 | Exploits 0 | References 1

RedhatCVE | added 2026/01/09 12:30 p.m. | 7 views

CVE-2023-40851

Cross Site Scripting XSS vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page...

CVSS 5.4 | AI score 6.2 | EPSS 0.00371 | Exploits 1 | References 1

RedhatCVE | added 2026/01/09 12:30 p.m. | 5 views

CVE-2023-40958

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/baseclient.py component...

CVSS 8.8 | AI score 8.3 | EPSS 0.01075 | Exploits 1 | References 1

RedhatCVE | added 2026/01/09 12:29 p.m. | 8 views

CVE-2023-40868

Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions...

CVSS 8.8 | AI score 7.9 | EPSS 0.01151 | Exploits 1 | References 1

RedhatCVE | added 2026/01/09 12:29 p.m. | 3 views

CVE-2023-40195

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...

CVSS 8.8 | AI score 7.4 | EPSS 0.01413 | Exploits 0 | References 1

RedhatCVE | added 2026/01/09 12:29 p.m. | 10 views

CVE-2023-40412

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges...

CVSS 7.8 | AI score 6.9 | EPSS 0.00347 | Exploits 0 | References 1

RedhatCVE | added 2026/01/09 12:28 p.m. | 8 views

CVE-2023-40432

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges...

CVSS 7.8 | AI score 7.4 | EPSS 0.00335 | Exploits 0 | References 1

RedhatCVE | added 2026/01/09 12:23 p.m. | 5 views

CVE-2018-14860

Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system...

CVSS 9.1 | AI score 7.6 | EPSS 0.02211 | Exploits 0 | References 1

RedhatCVE | added 2026/01/09 12:19 p.m. | 8 views

CVE-2018-10746

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary in the Diagnostics component using the 'get ' function and cause memory corruption. Furthermore, it is possible to redirect the flow of t...

CVSS 9 | AI score 7.6 | EPSS 0.02727 | Exploits 1 | References 1

RedhatCVE | added 2026/01/09 12:18 p.m. | 8 views

CVE-2018-10747

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary in the Diagnostics component using the 'unset ' function and cause memory corruption. Furthermore, it is possible to redirect the flow...

CVSS 9 | AI score 7.6 | EPSS 0.02727 | Exploits 1 | References 1

RedhatCVE | added 2026/01/09 12:18 p.m. | 15 views

CVE-2018-10387

Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2008-2161...

CVSS 10 | AI score 8.4 | EPSS 0.65284 | Exploits 6 | References 1

RedhatCVE | added 2026/01/09 12:17 p.m. | 7 views

CVE-2018-10086

CMS Made Simple CMSMS through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval'function testfunction'.rand" and it is possible to bypass certain restrictions on these "testfunction" functions...

CVSS 7.2 | AI score 7.8 | EPSS 0.01953 | Exploits 1 | References 1

RedhatCVE | added 2026/01/09 12:16 p.m. | 9 views

CVE-2018-1000117

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates...

CVSS 7.2 | AI score 7.2 | EPSS 0.01107 | Exploits 1 | References 1

RedhatCVE | added 2026/01/09 12:15 p.m. | 9 views

CVE-2018-1000860

phpipam version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'quqtl exploits an XSS vulnerability. that can result ...

CVSS 4.7 | AI score 5.3 | EPSS 0.00799 | Exploits 1 | References 1

RedhatCVE | added 2026/01/09 12:12 p.m. | 7 views

CVE-2018-9341

In impeg2dmcfullxfully of impeg2dmc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 9.8 | AI score 9.4 | EPSS 0.00398 | Exploits 0 | References 1

RedhatCVE | added 2026/01/09 12:1 p.m. | 8 views

CVE-2018-19512

In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory...

CVSS 9 | AI score 7.6 | EPSS 0.07362 | Exploits 2 | References 1

RedhatCVE | added 2026/01/09 12:0 p.m. | 13 views

CVE-2018-19220

An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI...

CVSS 9.8 | AI score 8.1 | EPSS 0.0167 | Exploits 1 | References 1

RedhatCVE | added 2026/01/09 11:58 a.m. | 7 views

CVE-2018-19562

An issue was discovered in PHPok 4.9.015. admin.php?c=update=unzip allows remote attackers to execute arbitrary code via a "Login Background Program Upgrade Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive...

CVSS 8.8 | AI score 8.1 | EPSS 0.02214 | Exploits 1 | References 1