CVEs from 2023
Total
6,671
critical
critical 222
high
high 1,565
medium
medium 1,266
low
low 28
% Critical
3.3%
% with KEV
2.4%
% with exploit
2.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- registrationmagic 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- cbot_panel 6
- codeready_linux_builder_eus 6
- openstack_platform 6
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2023-34181 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin <= 0.6.11 versions. | |
| CVE-2023-34178 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions. | |
| CVE-2023-46614 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions. | |
| CVE-2023-34386 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions. | |
| CVE-2023-34002 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <= 2.1.0.13 versions. | |
| CVE-2023-31087 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions. | |
| CVE-2023-25975 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions. | |
| CVE-2023-25994 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions. | |
| CVE-2023-41798 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPre… | |
| CVE-2023-36527 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. | |
| CVE-2023-25983 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. | |
| CVE-2023-5823 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11 versions. | |
| CVE-2023-47186 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions. | |
| CVE-2023-46781 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions. | |
| CVE-2023-46780 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <= 1.0 versions. | |
| CVE-2023-46779 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <= 3.5.3251 versions. | |
| CVE-2023-46778 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <= 2.5 versions. | |
| CVE-2023-46777 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <= 1.1.3 versions. | |
| CVE-2023-46776 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions. | |
| CVE-2023-46775 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions. | |
| CVE-2023-47182 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions. | |
| CVE-2023-46084 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/… | |
| CVE-2023-35910 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This is… | |
| CVE-2023-36677 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Do… | |
| CVE-2023-25990 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | |
| CVE-2023-25800 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. | |
| CVE-2023-28777 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4… | |
| CVE-2023-45048 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions. | |
| CVE-2023-41730 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | |
| CVE-2023-29235 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | |
| CVE-2023-37998 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery.This issue affects Disabler: from n/a through 3.0.3. | |
| CVE-2023-4934 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3. | |
| CVE-2023-4665 | high | 8.8 | 8.8 | 3y ago | Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | |
| CVE-2023-4664 | high | 8.8 | 8.8 | 3y ago | Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | |
| CVE-2023-32079 | high | 8.8 | 8.8 | 3y ago | Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User in github.com/gravitl/netmaker | |
| CVE-2023-38512 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This issue affects WpStream: from n/a through <= 4.5.4. | |
| CVE-2023-35096 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions. | |
| CVE-2023-33153 | high | 8.8 | 8.8 | 3y ago | Microsoft Outlook Remote Code Execution Vulnerability | |
| CVE-2023-35091 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions. | |
| CVE-2023-23679 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from … | |
| CVE-2023-33314 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions. | |
| CVE-2023-2883 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |
| CVE-2023-2065 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass. This issue affects Cargo Tracking System… | |
| CVE-2023-2702 | high | 8.8 | 8.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass. This issue affects Competition Managem… | |
| CVE-2023-22689 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. | |
| CVE-2023-26314 | high | 8.8 | 8.8 | 3y ago | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. | |
| CVE-2023-24377 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. | |
| CVE-2023-47698 | high | 8.6 | 8.6 | 2y ago | Missing Authorization vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Japaniz… | |
| CVE-2023-51355 | high | 8.2 | 8.2 | 2y ago | Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiVendorX: f… | |
| CVE-2023-49817 | high | 8.2 | 8.2 | 2y ago | Missing Authorization vulnerability in heoLixfy Flexible Woocommerce Checkout Field Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flexible Woocomme… | |
| CVE-2023-48286 | high | 8.2 | 8.2 | 2y ago | Missing Authorization vulnerability in mra13 Stripe Payments stripe-payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stripe Payments: from n/a throu… | |
| CVE-2023-51471 | high | 8.2 | 8.2 | 2y ago | Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1… | |
| CVE-2023-25998 | high | 8.1 | 8.1 | 11mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme allows PHP Lo… | |
| CVE-2023-26005 | high | 8.1 | 8.1 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion. This issue affects Fitrush: … | |
| CVE-2023-25999 | high | 8.1 | 8.1 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Loca… | |
| CVE-2023-41130 | high | 8.1 | 8.1 | 2y ago | Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Ro… | |
| CVE-2023-23649 | high | 8.1 | 8.1 | 2y ago | Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1. | |
| CVE-2023-52180 | high | 8.1 | 8.1 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes.This issue affects Recipe … | |
| CVE-2023-26525 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, E… | |
| CVE-2023-30750 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordP… | |
| CVE-2023-30495 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.This issue affects Ultimate Addons for Contact Form 7… | |
| CVE-2023-49825 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affe… | |
| CVE-2023-33330 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50. | |
| CVE-2023-33209 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor – Track Website Changes.This issue affects SEO Change Monitor – Tr… | |
| CVE-2023-31092 | high | 8.1 | 8.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet.This issue affects Easy Bet: from n/a through 1.0.2. | |
| CVE-2023-36520 | high | 8.1 | 8.1 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12. | |
| CVE-2023-35876 | high | 8.1 | 8.1 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | |
| CVE-2023-37867 | high | 8.1 | 8.1 | 3y ago | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plug… | |
| CVE-2023-33170 | high | 8.1 | 8.1 | 3y ago | ASP.NET and Visual Studio Security Feature Bypass Vulnerability | |
| CVE-2023-33127 | high | 8.1 | 8.1 | 3y ago | .NET and Visual Studio Elevation of Privilege Vulnerability | |
| CVE-2023-2885 | high | 8.1 | 8.1 | 3y ago | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core:… | |
| CVE-2023-0119 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2023-0118 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2023-0122 | high | — | 8.0 | — | A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Af… | |
| CVE-2023-1894 | high | — | 8.0 | — | A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down… | |
| CVE-2023-25012 | high | — | 8.0 | — | The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | |
| CVE-2023-27753 | high | 8.0 | 8.0 | 16d ago | An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |
| CVE-2023-49316 | high | — | 8.0 | 20d ago | Phpseclib needs guardrails on large binaryfield integers | |
| CVE-2023-52971 | high | — | 8.0 | 5mo ago | Important: mariadb:10.11 security update | |
| CVE-2023-54035 | high | — | 8.0 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on ch… | |
| CVE-2023-53064 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. P… | |
| CVE-2023-53012 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: thermal: core: call put_device() only after device_register() fails put_device() shouldn't be called before a prior call to devic… | |
| CVE-2023-34440 | high | — | 8.0 | 1y ago | Important:microcode_ctl bug fix and enhancement update | |
| CVE-2023-43758 | high | — | 8.0 | 1y ago | Important:microcode_ctl bug fix and enhancement update | |
| CVE-2023-52922 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff8881… | |
| CVE-2023-52605 | high | — | 8.0 | 1y ago | Important: kernel security update | |
| CVE-2023-22458 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2023-28856 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2023-25155 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |
| CVE-2023-52615 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers when t… | |
| CVE-2023-52686 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory whic… | |
| CVE-2023-52622 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_si… | |
| CVE-2023-52662 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed, includi… | |
| CVE-2023-52840 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees… | |
| CVE-2023-52834 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 ("net: alx: Work around the DMA RX o… | |
| CVE-2023-52683 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if… | |
| CVE-2023-52813 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATA_RESET We found a hungtask bug in test_aead_vec_cfg as follows: INFO: task cryptomgr_tes… | |
| CVE-2023-52679 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through th… | |
| CVE-2023-52775 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. … | |
| CVE-2023-52784 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been … |