CVEs from 2023
- Total: 8,601
- critical: 222
- high: 1,548
- medium: 1,277
- low: 23
- % Critical: 2.6%
- % with KEV: 1.9%
- % with exploit: 1.9%
Top vendors
- redhat 120
- microsoft 76
- f5 43
- cisco 26
- automattic 19
- cbot 12
- brainstormforce 11
- gvectors 10
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- openstack_platform 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- registrationmagic 6
- codeready_linux_builder_eus 6
- cbot_panel 6

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2023-1728 | critical | 9.8 | 9.8 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03. | |
| CVE-2023-1765 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection. This issue affects Panon: before 1.0.2. | |
| CVE-2023-1725 | critical | 9.8 | 9.8 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery. This issue affects Project Management System: before 4.09.31.125. | |
| CVE-2023-28531 | critical | 9.8 | 9.8 | 3y ago | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. | |
| CVE-2023-33150 | critical | 9.6 | 9.6 | 3y ago | Microsoft Office Security Feature Bypass Vulnerability | |
| CVE-2023-43641 | critical | — | 9.5 | — | libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited… | |
| CVE-2023-5388 | critical | — | 9.5 | 2y ago | Critical: firefox security update | |
| CVE-2023-46847 | critical | — | 9.5 | 3y ago | Critical: squid security update | |
| CVE-2023-46848 | critical | — | 9.5 | 3y ago | Critical: squid security update | |
| CVE-2023-46846 | critical | — | 9.5 | 3y ago | Critical: squid security update | |
| CVE-2023-45853 | critical | — | 9.5 | 3y ago | pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency | |
| CVE-2023-3128 | critical | — | 9.5 | 3y ago | Critical: grafana security update | |
| CVE-2023-29405 | critical | — | 9.5 | 3y ago | Critical: go-toolset and golang security update | |
| CVE-2023-29403 | critical | — | 9.5 | 3y ago | Critical: go-toolset and golang security update | |
| CVE-2023-29402 | critical | — | 9.5 | 3y ago | Critical: go-toolset and golang security update | |
| CVE-2023-29404 | critical | — | 9.5 | 3y ago | Critical: go-toolset and golang security update | |
| CVE-2023-28787 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.… | |
| CVE-2023-24215 | critical | 9.1 | 9.1 | 9d ago | Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. | |
| CVE-2023-47842 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog. This issue affects CataBlog: from n/a through 1.7.0. | |
| CVE-2023-29386 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon. This issue affects Manager for Icomoon: from n/a through 2.0. | |
| CVE-2023-49166 | critical | 9.1 | 9.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync. This issue affects MSync: from n/a through 1.0.0. | |
| CVE-2023-49161 | critical | 9.1 | 9.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate. This issue affects Bravo Translate: from n/a through 1.2. | |
| CVE-2023-20867 | low | — | 4.0 | 3y ago | Low: open-vm-tools security update | |
| CVE-2023-23814 | low | 3.8 | 3.8 | 2y ago | Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar… | |
| CVE-2023-28168 | low | 3.7 | 3.7 | 2y ago | Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Console: from n/a through 0.3… | |
| CVE-2023-38546 | low | 3.7 | 3.7 | 3y ago | Important: curl security update | |
| CVE-2023-24375 | low | 3.5 | 3.5 | 2y ago | Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels. This… | |
| CVE-2023-29333 | low | 3.3 | 3.3 | 3y ago | Microsoft Access Denial of Service Vulnerability | |
| CVE-2023-4752 | low | — | 2.5 | 1y ago | Low: vim security update | |
| CVE-2023-2953 | low | — | 2.5 | 2y ago | Low: openldap security update | |
| CVE-2023-3817 | low | — | 2.5 | 2y ago | Low: openssl and openssl-fips-provider security update | |
| CVE-2023-1729 | low | — | 2.5 | 2y ago | Low: LibRaw security update | |
| CVE-2023-6004 | low | — | 2.5 | 2y ago | Low: libssh security update | |
| CVE-2023-32636 | low | — | 2.5 | 2y ago | Low: mingw-glib2 security update | |
| CVE-2023-6918 | low | — | 2.5 | 2y ago | Low: libssh security update | |
| CVE-2023-2975 | low | — | 2.5 | 2y ago | Low: openssl and openssl-fips-provider security update | |
| CVE-2023-52620 | low | 2.5 | 2.5 | 2y ago | Moderate: kernel security, bug fix, and enhancement update | |
| CVE-2023-3674 | low | — | 2.5 | 2y ago | Low: keylime security update | |
| CVE-2023-32611 | low | — | 2.5 | 3y ago | Low: mingw-glib2 security update | |
| CVE-2023-4641 | low | — | 2.5 | 3y ago | Low: shadow-utils security and bug fix update | |
| CVE-2023-32665 | low | — | 2.5 | 3y ago | Low: mingw-glib2 security update | |
| CVE-2023-22745 | low | — | 2.5 | 3y ago | Low: tpm2-tss security and enhancement update | |
| CVE-2023-29499 | low | — | 2.5 | 3y ago | Low: mingw-glib2 security update | |
| CVE-2023-2977 | low | — | 2.5 | 3y ago | Low: opensc security update | |
| CVE-2023-4016 | low | — | 2.5 | 3y ago | Low: procps-ng security and bug fix update | |