Search Results (10559 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39289 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 7.5 High |
| A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information. | ||||
| CVE-2023-39057 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39054 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39053 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39052 | 1 Earthgarden Waiting Project | 1 Earthgarden Waiting | 2024-11-21 | 6.5 Medium |
| An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39051 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39050 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39048 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39047 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39045 | 1 Kokoroe Members Card Project | 1 Kokoroe Members Card | 2024-11-21 | 6.5 Medium |
| An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-39042 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | 7.5 High |
| An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-38898 | 1 Python | 1 Python | 2024-11-21 | 5.3 Medium |
| An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. | ||||
| CVE-2023-38849 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via a crafted GET request. | ||||
| CVE-2023-38847 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via a crafted GET request. | ||||
| CVE-2023-38846 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via a crafted GET request. | ||||
| CVE-2023-38845 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via a crafted GET request. | ||||
| CVE-2023-38718 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | 3.7 Low |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606. | ||||
| CVE-2023-38700 | 1 Matrix | 1 Matrix Irc Bridge | 2024-11-21 | 3.5 Low |
| matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1 fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance. | ||||
| CVE-2023-38685 | 1 Discourse | 1 Discourse | 2024-11-21 | 4.3 Medium |
| Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. | ||||
| CVE-2023-38503 | 1 Monospace | 1 Directus | 2024-11-21 | 5.7 Medium |
| Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (e.g. `user_created IS $CURRENT_USER`) are not properly checked when using GraphQL subscriptions, resulting in unauthorized users receiving events on their subscriptions that they should not receive according to the permissions. This can be any collection, but out of the box the `directus_users` collection is configured with such a permissions filter, allowing you to get updates for other users when changes happen. Version 10.5.0 contains a patch. As a workaround, disable GraphQL subscriptions. | ||||