Common Vulnerabilities and Exposures (CVE)

CVE-2023-48192

Jul 9, 2026 00:29:05 UTC

An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.

CVE-2023-48105

Jul 9, 2026 00:29:04 UTC

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.

CVE-2023-48056

Jul 9, 2026 00:29:03 UTC

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.

CVE-2023-47890

Jul 9, 2026 00:29:01 UTC

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.

CVE-2023-47458

Jul 9, 2026 00:29:00 UTC

An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.

CVE-2023-47415

Jul 9, 2026 00:28:59 UTC

Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter.

CVE-2023-47327

Jul 9, 2026 00:28:58 UTC

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL.

CVE-2023-47326

Jul 9, 2026 00:28:57 UTC

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.

CVE-2023-47325

Jul 9, 2026 00:28:55 UTC

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the s...

CVE-2023-47324

Jul 9, 2026 00:28:54 UTC

Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.

CVE-2023-47323

Jul 9, 2026 00:28:53 UTC

The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators.

CVE-2023-47322

Jul 9, 2026 00:28:52 UTC

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the C...

CVE-2023-47321

Jul 9, 2026 00:28:50 UTC

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.

CVE-2023-47320

Jul 9, 2026 00:28:49 UTC

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes th...

CVE-2023-46987

Jul 9, 2026 00:28:48 UTC

SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.