Export limit exceeded: 344055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75408 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53947 | 1 Ocsinventory-ng | 2 Ocs Inventory Ng, Ocsinventory Ng | 2026-04-07 | 8.4 High |
| OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges. | ||||
| CVE-2023-53946 | 1 Arcsoft | 1 Photostudio | 2026-04-07 | 8.4 High |
| Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions. | ||||
| CVE-2023-53945 | 1 Brainycp | 1 Brainycp | 2026-04-07 | 8.8 High |
| BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port. | ||||
| CVE-2023-53942 | 1 Leefish | 1 File Thingie | 2026-04-07 | 8.8 High |
| File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter. | ||||
| CVE-2023-53940 | 2026-04-07 | 7.8 High | ||
| Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js child_process module when the file is opened. | ||||
| CVE-2023-53937 | 1 Hubstaff | 1 Hubstaff | 2026-04-07 | 7.8 High |
| Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application startup. | ||||
| CVE-2023-53933 | 1 S9y | 1 Serendipity | 2026-04-07 | 8.8 High |
| Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server. | ||||
| CVE-2023-53930 | 1 Projectsend | 1 Projectsend | 2026-04-07 | 7.5 High |
| ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.php. | ||||
| CVE-2023-53929 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-07 | 8.8 High |
| phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV file. | ||||
| CVE-2023-53924 | 1 Ulicms | 1 Ulicms | 2026-04-07 | 8.8 High |
| UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution through maliciously crafted avatar uploads. | ||||
| CVE-2023-53913 | 1 Rukovoditel | 1 Rukovoditel | 2026-04-07 | 8.8 High |
| Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file. | ||||
| CVE-2023-53908 | 1 Belden | 1 Hisecos | 2026-04-07 | 8.8 High |
| HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level. | ||||
| CVE-2023-53905 | 1 Projectsend | 1 Projectsend | 2026-04-07 | 8 High |
| ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files. | ||||
| CVE-2023-53900 | 1 Spip | 1 Spip | 2026-04-07 | 8.8 High |
| Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering. | ||||
| CVE-2023-53896 | 1 Dlink | 2 Dap-1325, Dap-1325 Firmware | 2026-04-07 | 7.5 High |
| D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information by directly accessing the export settings script. | ||||
| CVE-2023-53892 | 1 Blackcat-cms | 1 Blackcat Cms | 2026-04-07 | 7.2 High |
| Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin's PHP file with a 'code' parameter. | ||||
| CVE-2023-53889 | 2 Grabaperch, Perch | 2 Perch, Perch Cms | 2026-04-07 | 7.2 High |
| Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary commands on the server. | ||||
| CVE-2023-53888 | 2 Zomp, Zomplog | 2 Zomplog, Zomplog | 2026-04-07 | 8.8 High |
| Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application. | ||||
| CVE-2023-53886 | 1 Xlightftpd | 1 Xlight Ftp Server | 2026-04-07 | 7.5 High |
| Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition. | ||||
| CVE-2023-53885 | 1 Webutler | 1 Webutler | 2026-04-07 | 7.2 High |
| Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded file. | ||||