Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32029 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-11-04 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2023-31275 | 1 Kingsoft | 1 Wps Office | 2025-11-04 | N/A | 8.8 HIGH |
| An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-31272 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-31247 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2025-11-04 | N/A | 9.0 CRITICAL |
| A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-31194 | 1 Diagon Project | 1 Diagon | 2025-11-04 | N/A | 5.3 MEDIUM |
| An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. | |||||
| CVE-2023-31192 | 1 Softether | 1 Vpn | 2025-11-04 | N/A | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2023-29497 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory. | |||||
| CVE-2023-28744 | 1 Foxit | 1 Pdf Reader | 2025-11-04 | N/A | 8.8 HIGH |
| A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2023-28708 | 1 Apache | 1 Tomcat | 2025-11-04 | N/A | 4.3 MEDIUM |
| When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected. | |||||
| CVE-2023-28528 | 1 Ibm | 2 Aix, Vios | 2025-11-04 | N/A | 8.4 HIGH |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | |||||
| CVE-2023-28393 | 1 Accusoft | 1 Imagegear | 2025-11-04 | N/A | 5.6 MEDIUM |
| A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-28391 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2025-11-04 | N/A | 9.0 CRITICAL |
| A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-28381 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-28379 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2025-11-04 | N/A | 9.0 CRITICAL |
| A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-28180 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 6.5 MEDIUM |
| A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service. | |||||
| CVE-2023-27958 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 9.1 CRITICAL |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2023-27953 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2023-27935 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 8.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-27934 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 8.8 HIGH |
| A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-27882 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2025-11-04 | N/A | 9.0 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||