CVEs from 2023
Total
8,275
critical
critical 222
high
high 1,548
medium
medium 1,277
low
low 23
% Critical
2.7%
% with KEV
2.0%
% with exploit
2.0%
Top vendors
- redhat 120
- microsoft 76
- f5 43
- cisco 26
- automattic 19
- cbot 12
- brainstormforce 11
- gvectors 10
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- openstack_platform 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- registrationmagic 6
- codeready_linux_builder_eus 6
- cbot_panel 6
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2023-35910 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This is… | |
| CVE-2023-36677 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Do… | |
| CVE-2023-25990 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | |
| CVE-2023-25800 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. | |
| CVE-2023-28777 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4… | |
| CVE-2023-45048 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions. | |
| CVE-2023-41730 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | |
| CVE-2023-29235 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | |
| CVE-2023-37998 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery.This issue affects Disabler: from n/a through 3.0.3. | |
| CVE-2023-4934 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3. | |
| CVE-2023-4665 | high | 8.8 | 8.8 | 3y ago | Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | |
| CVE-2023-4664 | high | 8.8 | 8.8 | 3y ago | Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | |
| CVE-2023-32079 | high | 8.8 | 8.8 | 3y ago | Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User in github.com/gravitl/netmaker | |
| CVE-2023-38512 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This issue affects WpStream: from n/a through <= 4.5.4. | |
| CVE-2023-35096 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions. | |
| CVE-2023-33153 | high | 8.8 | 8.8 | 3y ago | Microsoft Outlook Remote Code Execution Vulnerability | |
| CVE-2023-35091 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions. | |
| CVE-2023-23679 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from … | |
| CVE-2023-33314 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions. | |
| CVE-2023-2883 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |
| CVE-2023-2065 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass. This issue affects Cargo Tracking System… | |
| CVE-2023-2702 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass. This issue affects Competition Managem… | |
| CVE-2023-22689 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. | |
| CVE-2023-26314 | high | 8.8 | 8.8 | 3y ago | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. | |
| CVE-2023-24377 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. | |
| CVE-2023-47698 | high | 8.6 | 8.6 | 2y ago | Missing Authorization vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Japaniz… | |
| CVE-2023-51355 | high | 8.2 | 8.2 | 2y ago | Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiVendorX: f… | |
| CVE-2023-49817 | high | 8.2 | 8.2 | 2y ago | Missing Authorization vulnerability in heoLixfy Flexible Woocommerce Checkout Field Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flexible Woocomme… | |
| CVE-2023-48286 | high | 8.2 | 8.2 | 2y ago | Missing Authorization vulnerability in mra13 Stripe Payments stripe-payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stripe Payments: from n/a throu… | |
| CVE-2023-51471 | high | 8.2 | 8.2 | 2y ago | Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1… | |
| CVE-2023-25998 | high | 8.1 | 8.1 | 11mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme allows PHP Lo… | |
| CVE-2023-26005 | high | 8.1 | 8.1 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion. This issue affects Fitrush: … | |
| CVE-2023-25999 | high | 8.1 | 8.1 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Loca… | |
| CVE-2023-41130 | high | 8.1 | 8.1 | 2y ago | Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Ro… | |
| CVE-2023-23649 | high | 8.1 | 8.1 | 2y ago | Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1. | |
| CVE-2023-52180 | high | 8.1 | 8.1 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes.This issue affects Recipe … | |
| CVE-2023-26525 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, E… | |
| CVE-2023-30750 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordP… | |
| CVE-2023-30495 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.This issue affects Ultimate Addons for Contact Form 7… | |
| CVE-2023-49825 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affe… | |
| CVE-2023-33330 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50. | |
| CVE-2023-33209 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor – Track Website Changes.This issue affects SEO Change Monitor – Tr… | |
| CVE-2023-31092 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet.This issue affects Easy Bet: from n/a through 1.0.2. | |
| CVE-2023-36520 | high | 8.1 | 8.1 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12. | |
| CVE-2023-35876 | high | 8.1 | 8.1 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | |
| CVE-2023-37867 | high | 8.1 | 8.1 | 3y ago | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plug… | |
| CVE-2023-2885 | high | 8.1 | 8.1 | 3y ago | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core:… | |
| CVE-2023-25012 | high | — | 8.0 | — | The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | |
| CVE-2023-0122 | high | — | 8.0 | — | A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Af… | |
| CVE-2023-1894 | high | — | 8.0 | — | A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down… | |
| CVE-2023-0118 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2023-0119 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2023-27753 | high | 8.0 | 8.0 | 16d ago | An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |
| CVE-2023-49316 | high | — | 8.0 | 20d ago | Phpseclib needs guardrails on large binaryfield integers | |
| CVE-2023-52971 | high | — | 8.0 | 5mo ago | Important: mariadb:10.11 security update | |
| CVE-2023-54035 | high | — | 8.0 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on ch… | |
| CVE-2023-52970 | high | — | 8.0 | 7mo ago | Important: mariadb:10.11 security update | |
| CVE-2023-52969 | high | — | 8.0 | 7mo ago | Important: mariadb:10.11 security update | |
| CVE-2023-53064 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. P… | |
| CVE-2023-53012 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: thermal: core: call put_device() only after device_register() fails put_device() shouldn't be called before a prior call to devic… | |
| CVE-2023-34440 | high | — | 8.0 | 1y ago | Important:microcode_ctl bug fix and enhancement update | |
| CVE-2023-43758 | high | — | 8.0 | 1y ago | Important:microcode_ctl bug fix and enhancement update | |
| CVE-2023-52605 | high | — | 8.0 | 1y ago | Important: kernel security update | |
| CVE-2023-52922 | high | — | 8.0 | 1y ago | Important: kernel security update | |
| CVE-2023-28856 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2023-22458 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2023-25155 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2023-45145 | high | — | 8.0 | 2y ago | Important: redis:6 security update | |
| CVE-2023-52775 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52784 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52762 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52451 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52648 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52615 | high | — | 8.0 | 2y ago | Important: kernel-rt security and bug fix update | |
| CVE-2023-52756 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52686 | high | — | 8.0 | 2y ago | Important: kernel security and bug fix update | |
| CVE-2023-52730 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52560 | high | — | 8.0 | 2y ago | Important: kernel-rt security and bug fix update | |
| CVE-2023-52703 | high | — | 8.0 | 2y ago | Important: kernel security and bug fix update | |
| CVE-2023-52791 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52834 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52813 | high | — | 8.0 | 2y ago | Important: kernel security and bug fix update | |
| CVE-2023-52811 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52464 | high | — | 8.0 | 2y ago | Important: kernel security and bug fix update | |
| CVE-2023-52619 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52622 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52679 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-42843 | high | — | 8.0 | 2y ago | Important: webkit2gtk3 security update | |
| CVE-2023-42950 | high | — | 8.0 | 2y ago | Important: webkit2gtk3 security update | |
| CVE-2023-52878 | high | — | 8.0 | 2y ago | Important: kernel security and bug fix update | |
| CVE-2023-52683 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52840 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-42956 | high | — | 8.0 | 2y ago | Important: webkit2gtk3 security update | |
| CVE-2023-52662 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-5841 | high | — | 8.0 | 2y ago | Important: openexr security update | |
| CVE-2023-43010 | high | — | 8.0 | 2y ago | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. P… | |
| CVE-2023-52658 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52798 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52884 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52800 | high | — | 8.0 | 2y ago | Important: kernel security update |