CVEs from 2023
Total
6,664
critical
critical 222
high
high 1,548
medium
medium 1,277
low
low 23
% Critical
3.3%
% with KEV
2.4%
% with exploit
2.5%
Top vendors
- redhat 120
- microsoft 76
- f5 43
- cisco 26
- automattic 19
- cbot 12
- brainstormforce 11
- gvectors 10
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- openstack_platform 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- registrationmagic 6
- codeready_linux_builder_eus 6
- cbot_panel 6
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2023-35910 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This is… | |
| CVE-2023-36677 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Do… | |
| CVE-2023-25990 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | |
| CVE-2023-25800 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. | |
| CVE-2023-28777 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4… | |
| CVE-2023-45048 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions. | |
| CVE-2023-41730 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | |
| CVE-2023-29235 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | |
| CVE-2023-37998 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery.This issue affects Disabler: from n/a through 3.0.3. | |
| CVE-2023-4934 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3. | |
| CVE-2023-4665 | high | 8.8 | 8.8 | 3y ago | Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | |
| CVE-2023-4664 | high | 8.8 | 8.8 | 3y ago | Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | |
| CVE-2023-32079 | high | 8.8 | 8.8 | 3y ago | Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User in github.com/gravitl/netmaker | |
| CVE-2023-38512 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This issue affects WpStream: from n/a through <= 4.5.4. | |
| CVE-2023-35096 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions. | |
| CVE-2023-33153 | high | 8.8 | 8.8 | 3y ago | Microsoft Outlook Remote Code Execution Vulnerability | |
| CVE-2023-35091 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions. | |
| CVE-2023-23679 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from … | |
| CVE-2023-33314 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions. | |
| CVE-2023-2883 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |
| CVE-2023-2065 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass. This issue affects Cargo Tracking System… | |
| CVE-2023-2702 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass. This issue affects Competition Managem… | |
| CVE-2023-22689 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. | |
| CVE-2023-26314 | high | 8.8 | 8.8 | 3y ago | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. | |
| CVE-2023-24377 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. | |
| CVE-2023-47698 | high | 8.6 | 8.6 | 2y ago | Missing Authorization vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Japaniz… | |
| CVE-2023-51355 | high | 8.2 | 8.2 | 2y ago | Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiVendorX: f… | |
| CVE-2023-49817 | high | 8.2 | 8.2 | 2y ago | Missing Authorization vulnerability in heoLixfy Flexible Woocommerce Checkout Field Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flexible Woocomme… | |
| CVE-2023-48286 | high | 8.2 | 8.2 | 2y ago | Missing Authorization vulnerability in mra13 Stripe Payments stripe-payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stripe Payments: from n/a throu… | |
| CVE-2023-51471 | high | 8.2 | 8.2 | 2y ago | Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1… | |
| CVE-2023-25998 | high | 8.1 | 8.1 | 11mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme allows PHP Lo… | |
| CVE-2023-26005 | high | 8.1 | 8.1 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion. This issue affects Fitrush: … | |
| CVE-2023-25999 | high | 8.1 | 8.1 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Loca… | |
| CVE-2023-41130 | high | 8.1 | 8.1 | 2y ago | Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Ro… | |
| CVE-2023-23649 | high | 8.1 | 8.1 | 2y ago | Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1. | |
| CVE-2023-52180 | high | 8.1 | 8.1 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes.This issue affects Recipe … | |
| CVE-2023-26525 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, E… | |
| CVE-2023-30750 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordP… | |
| CVE-2023-30495 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.This issue affects Ultimate Addons for Contact Form 7… | |
| CVE-2023-49825 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affe… | |
| CVE-2023-33330 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50. | |
| CVE-2023-33209 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor – Track Website Changes.This issue affects SEO Change Monitor – Tr… | |
| CVE-2023-31092 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet.This issue affects Easy Bet: from n/a through 1.0.2. | |
| CVE-2023-36520 | high | 8.1 | 8.1 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12. | |
| CVE-2023-35876 | high | 8.1 | 8.1 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | |
| CVE-2023-37867 | high | 8.1 | 8.1 | 3y ago | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plug… | |
| CVE-2023-2885 | high | 8.1 | 8.1 | 3y ago | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core:… | |
| CVE-2023-25012 | high | — | 8.0 | — | The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | |
| CVE-2023-1894 | high | — | 8.0 | — | A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down… | |
| CVE-2023-0118 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2023-0122 | high | — | 8.0 | — | A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Af… | |
| CVE-2023-0119 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2023-27753 | high | 8.0 | 8.0 | 16d ago | An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |
| CVE-2023-49316 | high | — | 8.0 | 20d ago | Phpseclib needs guardrails on large binaryfield integers | |
| CVE-2023-52971 | high | — | 8.0 | 5mo ago | Important: mariadb:10.11 security update | |
| CVE-2023-54035 | high | — | 8.0 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on ch… | |
| CVE-2023-52969 | high | — | 8.0 | 7mo ago | Important: mariadb:10.11 security update | |
| CVE-2023-52970 | high | — | 8.0 | 7mo ago | Important: mariadb:10.11 security update | |
| CVE-2023-53064 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. P… | |
| CVE-2023-53012 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: thermal: core: call put_device() only after device_register() fails put_device() shouldn't be called before a prior call to devic… | |
| CVE-2023-34440 | high | — | 8.0 | 1y ago | Important:microcode_ctl bug fix and enhancement update | |
| CVE-2023-43758 | high | — | 8.0 | 1y ago | Important:microcode_ctl bug fix and enhancement update | |
| CVE-2023-52922 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff8881… | |
| CVE-2023-52605 | high | — | 8.0 | 1y ago | Important: kernel security update | |
| CVE-2023-28856 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2023-22458 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2023-25155 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2023-45145 | high | — | 8.0 | 2y ago | Important: redis:6 security update | |
| CVE-2023-52703 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path syzbot reported that act_len in kalmia_send_init_packet() is unini… | |
| CVE-2023-52648 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held… | |
| CVE-2023-52730 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdio_add_func() or sdio_init_func() fails, sdio_remove_func() can n… | |
| CVE-2023-42956 | high | — | 8.0 | 2y ago | Important: webkit2gtk3 security update | |
| CVE-2023-52762 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: virtio-blk: fix implicit overflow on virtio_max_dma_size The following codes have an implicit conversion from size_t to u32: (u32… | |
| CVE-2023-42843 | high | — | 8.0 | 2y ago | Important: webkit2gtk3 security update | |
| CVE-2023-52878 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the "struct can_priv::echoo_s… | |
| CVE-2023-52756 | high | — | 8.0 | 2y ago | Important: kernel security update | |
| CVE-2023-52791 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. Howe… | |
| CVE-2023-52560 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFI… | |
| CVE-2023-52813 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATA_RESET We found a hungtask bug in test_aead_vec_cfg as follows: INFO: task cryptomgr_tes… | |
| CVE-2023-52840 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees… | |
| CVE-2023-52622 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_si… | |
| CVE-2023-52619 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd num… | |
| CVE-2023-52662 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed, includi… | |
| CVE-2023-52811 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool In practice the driver should never send more commands than are al… | |
| CVE-2023-52683 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if… | |
| CVE-2023-52679 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through th… | |
| CVE-2023-42950 | high | — | 8.0 | 2y ago | Important: webkit2gtk3 security update | |
| CVE-2023-52686 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory whic… | |
| CVE-2023-52834 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 ("net: alx: Work around the DMA RX o… | |
| CVE-2023-52615 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers when t… | |
| CVE-2023-52775 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. … | |
| CVE-2023-52451 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the dr… | |
| CVE-2023-52784 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been … | |
| CVE-2023-52464 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug … | |
| CVE-2023-5841 | high | — | 8.0 | 2y ago | Important: openexr security update | |
| CVE-2023-52658 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b… | |
| CVE-2023-43010 | high | — | 8.0 | 2y ago | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. P… | |
| CVE-2023-52884 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Input: cyapa - add missing input core locking to suspend/resume functions Grab input->mutex during suspend/resume functions like … | |
| CVE-2023-52798 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix dfs radar event locking The ath11k active pdevs are protected by RCU but the DFS radar event handling code call… | |
| CVE-2023-52800 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k… |