CVEs from 2023
Total
6,189
critical
critical 221
high
high 1,481
medium
medium 1,384
low
low 30
% Critical
3.6%
% with KEV
2.6%
% with exploit
3.4%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- registrationmagic 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- cbot_panel 6
- codeready_linux_builder_eus 6
- openstack_platform 6
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49859 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Marcus (aka @msykes) Login With Ajax login-with-ajax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login With Ajax:… | |||
| CVE-2023-49858 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Austin Custom Login custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login: from n/a through <= 4.… | |||
| CVE-2023-49849 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in vaakash Shortcoder shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcoder: from n/a through <= 6.3. | |||
| CVE-2023-49835 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through … | |||
| CVE-2023-49758 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Roland Murg WP Booking System wp-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Booking System: fr… | |||
| CVE-2023-49754 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Yogesh Pawar Bulk Edit Post Titles bulk-edit-post-titles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Edit Po… | |||
| CVE-2023-49196 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7. | |||
| CVE-2023-49156 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing godaddy-email-marketing-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects… | |||
| CVE-2023-48740 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Sajid Javed Easy Social Feed easy-facebook-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Feed: … | |||
| CVE-2023-48332 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Varun Sharma Mail Bank - #1 Mail SMTP Plugin for WordPress wp-mail-bank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec… | |||
| CVE-2023-48277 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps super-progressive-web-apps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super … | |||
| CVE-2023-47871 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form to Any API: fr… | |||
| CVE-2023-47849 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Blossom Themes BlossomThemes Email Newsletter blossomthemes-email-newsletter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue … | |||
| CVE-2023-47841 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1. | |||
| CVE-2023-47838 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Jules Colle Conditional Fields for Contact Form 7 cf7-conditional-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe… | |||
| CVE-2023-47820 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0. | |||
| CVE-2023-47793 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Acme Themes Acme Fix Images acme-fix-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acme Fix Images: from n/a… | |||
| CVE-2023-47780 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in flowdee EasyAzon easyazon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyAzon: from n/a through <= 5.1.0. | |||
| CVE-2023-47776 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects mi… | |||
| CVE-2023-47763 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue… | |||
| CVE-2023-47762 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in WPDeveloper BetterDocs betterdocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through <= 2.5… | |||
| CVE-2023-47761 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks simple-301-redirects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects … | |||
| CVE-2023-47756 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in David Vongries Welcome Email Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcome Email Editor: from n/a th… | |||
| CVE-2023-32126 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALERT: from n/a through 1.2.1. | |||
| CVE-2023-31073 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issu… | |||
| CVE-2023-30783 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in YummyWP Smart WooCommerce Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart WooCommerce Search: from n/a t… | |||
| CVE-2023-30486 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0. | |||
| CVE-2023-30476 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blogger Buzz: from n/a through 1.2.2. | |||
| CVE-2023-29431 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in OntheGoSystems qTranslate X Cleanup and WPML Import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects qTranslate X Clea… | |||
| CVE-2023-29422 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a … | |||
| CVE-2023-28532 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from … | |||
| CVE-2023-28416 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5. | |||
| CVE-2023-28165 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPre… | |||
| CVE-2023-27625 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0. | |||
| CVE-2023-25993 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3. | |||
| CVE-2023-25486 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7. | |||
| CVE-2023-25067 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open! allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects We’re Open!: from n/a through… | |||
| CVE-2023-25037 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact For… | |||
| CVE-2023-25026 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in PayPal PayPal Brasil para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Brasil para WooCommerce:… | |||
| CVE-2023-23823 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a th… | |||
| CVE-2023-23725 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through 3.46. | |||
| CVE-2023-23716 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: … | |||
| CVE-2023-22708 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: fro… | |||
| CVE-2023-47828 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33. | |||
| CVE-2023-40209 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor.This issue affects Highcompress Image Compressor: from n/a through 6.0.0. | |||
| CVE-2023-25030 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7. | |||
| CVE-2023-44472 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.28. | |||
| CVE-2023-6121 | medium | 4.3 | 4.3 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2023-52220 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0. | |||
| CVE-2023-41864 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0. | |||
| CVE-2023-25043 | medium | 4.3 | 4.3 | 2y ago | Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data Tables Generator: from n/a through 1.10.25. | |||
| CVE-2023-51499 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. | |||
| CVE-2023-49838 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTh… | |||
| CVE-2023-33923 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from … | |||
| CVE-2023-30480 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Sparkle WP Educenter.This issue affects Educenter: from n/a through 1.5.5. | |||
| CVE-2023-51525 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar.This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4. | |||
| CVE-2023-51692 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. | |||
| CVE-2023-23882 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5. | |||
| CVE-2023-34379 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0. | |||
| CVE-2023-49746 | medium | 4.3 | 4.3 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through… | |||
| CVE-2023-37890 | medium | 4.3 | 4.3 | 3y ago | Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subsc… | |||
| CVE-2023-47233 | medium | 4.3 | 4.3 | 3y ago | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers… | |||
| CVE-2023-2886 | medium | 4.3 | 4.3 | 3y ago | Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |||
| CVE-2023-23992 | medium | 4.3 | 4.3 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. | |||
| CVE-2023-7346 | medium | 4.0 | 4.0 | 11d ago | Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m… | |||
| CVE-2023-45249 | unknown | — | 2.5 | 2y ago | Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords. | |||
| CVE-2023-43208 | unknown | — | 2.5 | 2y ago | NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request. | |||
| CVE-2023-7028 | unknown | — | 2.5 | 2y ago | GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultima… | |||
| CVE-2023-24955 | unknown | — | 2.5 | 2y ago | Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. | |||
| CVE-2023-48788 | unknown | — | 2.5 | 2y ago | Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests. | |||
| CVE-2023-22527 | unknown | — | 2.5 | 2y ago | Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution. | |||
| CVE-2023-46805 | unknown | — | 2.5 | 2y ago | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to ac… | |||
| CVE-2023-29357 | unknown | — | 2.5 | 2y ago | Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a netw… | |||
| CVE-2023-23752 | unknown | — | 2.5 | 2y ago | Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints. | |||
| CVE-2023-7101 | unknown | — | 2.5 | 2y ago | Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Num… | |||
| CVE-2023-49103 | unknown | — | 2.5 | 3y ago | ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials. | |||
| CVE-2023-1671 | unknown | — | 2.5 | 3y ago | Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution. | |||
| CVE-2023-36845 | unknown | — | 2.5 | 3y ago | Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment var… | |||
| CVE-2023-22518 | unknown | — | 2.5 | 3y ago | Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact … | |||
| CVE-2023-46747 | unknown | — | 2.5 | 3y ago | F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network … | |||
| CVE-2023-46604 | unknown | — | 2.5 | 3y ago | Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class type… | |||
| CVE-2023-20273 | unknown | — | 2.5 | 3y ago | Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and writ… | |||
| CVE-2023-4966 | unknown | — | 2.5 | 3y ago | Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, … | |||
| CVE-2023-20198 | unknown | — | 2.5 | 3y ago | Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. Th… | |||
| CVE-2023-22515 | unknown | — | 2.5 | 3y ago | Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. | |||
| CVE-2023-40044 | unknown | — | 2.5 | 3y ago | Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying oper… | |||
| CVE-2023-42793 | unknown | — | 2.5 | 3y ago | JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server. | |||
| CVE-2023-38831 | unknown | — | 2.5 | 3y ago | RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive. | |||
| CVE-2023-38035 | unknown | — | 2.5 | 3y ago | Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to… | |||
| CVE-2023-3519 | unknown | — | 2.5 | 3y ago | Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. | |||
| CVE-2023-36874 | unknown | — | 2.5 | 3y ago | Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-33246 | unknown | — | 2.5 | 3y ago | Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using … | |||
| CVE-2023-20887 | unknown | — | 2.5 | 3y ago | VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in … | |||
| CVE-2023-34362 | unknown | — | 2.5 | 3y ago | Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engin… | |||
| CVE-2023-28771 | unknown | — | 2.5 | 3y ago | Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets t… | |||
| CVE-2023-2868 | unknown | — | 2.5 | 3y ago | Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection. | |||
| CVE-2023-32315 | unknown | — | 2.5 | 3y ago | Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users. | |||
| CVE-2023-29336 | unknown | — | 2.5 | 3y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges. | |||
| CVE-2023-21839 | unknown | — | 2.5 | 3y ago | Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server. | |||
| CVE-2023-1389 | unknown | — | 2.5 | 3y ago | TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution. |