CVEs from 2023
Total
8,601
critical
critical 222
high
high 1,548
medium
medium 1,277
low
low 23
% Critical
2.6%
% with KEV
1.9%
% with exploit
1.9%
Top vendors
- redhat 120
- microsoft 76
- f5 43
- cisco 26
- automattic 19
- cbot 12
- brainstormforce 11
- gvectors 10
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- openstack_platform 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- registrationmagic 6
- codeready_linux_builder_eus 6
- cbot_panel 6
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2023-43000 | high | — | 9.5 | 2y ago | Important: webkit2gtk3 security update | |
| CVE-2023-42917 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-5217 | high | — | 9.5 | 3y ago | Important: firefox security update | |
| CVE-2023-4863 | high | — | 9.5 | 3y ago | Important: firefox security update | |
| CVE-2023-38180 | high | — | 9.5 | 3y ago | Important: .NET 6.0 security, bug fix, and enhancement update | |
| CVE-2023-41993 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML par… | |
| CVE-2023-42916 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability cou… | |
| CVE-2023-37450 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML par… | |
| CVE-2023-32439 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-32435 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-28204 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-32373 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-28205 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-0386 | high | — | 9.5 | 3y ago | Important: kernel-rt security and bug fix update | |
| CVE-2023-0266 | high | — | 9.5 | 3y ago | Important: kernel-rt security and bug fix update | |
| CVE-2023-23529 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2023-4911 | high | 7.8 | 9.3 | 3y ago | Important: glibc security update | |
| CVE-2023-44487 | high | 7.5 | 9.0 | 3y ago | Important: nodejs:20 security update | |
| CVE-2023-54348 | high | 8.8 | 8.8 | 22d ago | ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the … | |
| CVE-2023-54345 | high | 8.8 | 8.8 | 22d ago | Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame intr… | |
| CVE-2023-53888 | high | 8.8 | 8.8 | 5mo ago | Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files… | |
| CVE-2023-47179 | high | 8.8 | 8.8 | 1y ago | Missing Authorization vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: f… | |
| CVE-2023-45760 | high | 8.8 | 8.8 | 1y ago | Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.3. | |
| CVE-2023-45104 | high | 8.8 | 8.8 | 1y ago | Missing Authorization vulnerability in WPDeveloper BetterLinks betterlinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through <= … | |
| CVE-2023-41870 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5. | |
| CVE-2023-41695 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through <= 5.1.0. | |
| CVE-2023-40334 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through … | |
| CVE-2023-40203 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: … | |
| CVE-2023-38475 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Donations Made Easy – Sm… | |
| CVE-2023-38385 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JupiterX Core: from 3.0.0 through 3.3.0. | |
| CVE-2023-35051 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti:… | |
| CVE-2023-33996 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in СleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels.This i… | |
| CVE-2023-51360 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential… | |
| CVE-2023-51359 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential… | |
| CVE-2023-49856 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through <= 2… | |
| CVE-2023-49756 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through <= 3.3.… | |
| CVE-2023-47760 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential… | |
| CVE-2023-30873 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 1.9.8. | |
| CVE-2023-24407 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calenda… | |
| CVE-2023-23825 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0. | |
| CVE-2023-23715 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP… | |
| CVE-2023-31090 | high | 8.8 | 8.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This i… | |
| CVE-2023-51515 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8. | |
| CVE-2023-6523 | high | 8.8 | 8.8 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse. This issue affects Extreme XDS: before 3914. | |
| CVE-2023-39309 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1. | |
| CVE-2023-44999 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0. | |
| CVE-2023-39311 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1. | |
| CVE-2023-48777 | high | 8.8 | 8.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. | |
| CVE-2023-39307 | high | 8.8 | 8.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. | |
| CVE-2023-27459 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1. | |
| CVE-2023-52214 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3. | |
| CVE-2023-25039 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43. | |
| CVE-2023-37886 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2. | |
| CVE-2023-37885 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2. | |
| CVE-2023-51487 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.This issue affects ARI Stream Quiz: from n/a through 1.2.32. | |
| CVE-2023-51486 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder.This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101. | |
| CVE-2023-51474 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClassifieds.This issue affects TerraClassifieds: from n/a through 2.0.3. | |
| CVE-2023-51512 | high | 8.8 | 8.8 | 2y ago | Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW.This issue affects Product Table by WBW: from n/a through 1.8.6. | |
| CVE-2023-51510 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export Media URLs.This issue affects Export Media URLs: from n/a through 1.0. | |
| CVE-2023-51491 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.This issue affects Depicter Slider: from n/a through 2.0.6. | |
| CVE-2023-51489 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.… | |
| CVE-2023-51407 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor.This issue affects Split Test For Elementor: from n/a through 1.6.9. | |
| CVE-2023-51522 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4. | |
| CVE-2023-51369 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3. | |
| CVE-2023-50898 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in sirv.Com Sirv.This issue affects Sirv: from n/a through 7.1.2. | |
| CVE-2023-50861 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from … | |
| CVE-2023-47874 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6. | |
| CVE-2023-51696 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanT… | |
| CVE-2023-51531 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator.This issue affects Thrive Automator: from n/a through 1.17. | |
| CVE-2023-51530 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Log… | |
| CVE-2023-51529 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3. | |
| CVE-2023-51528 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12. | |
| CVE-2023-52226 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.This issue affects Advanced Flamingo: from n/a through 1.0. | |
| CVE-2023-52223 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8. | |
| CVE-2023-51683 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1. | |
| CVE-2023-6724 | high | 8.8 | 8.8 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue a… | |
| CVE-2023-6515 | high | 8.8 | 8.8 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7. | |
| CVE-2023-6676 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5. | |
| CVE-2023-23896 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in MyThemeShop URL Shortener by MyThemeShop.This issue affects URL Shortener by MyThemeShop: from n/a through 1.0.17. | |
| CVE-2023-52201 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brian D. Goad pTypeConverter.This issue affects pTypeConverter: from n/a through 0.2.8.1. | |
| CVE-2023-52142 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For T… | |
| CVE-2023-52216 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3. | |
| CVE-2023-52204 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3. | |
| CVE-2023-52222 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. | |
| CVE-2023-52207 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free.This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0. | |
| CVE-2023-52219 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue affects Gecka Terms Thumbnails: from n/a through 1.1. | |
| CVE-2023-52122 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6. | |
| CVE-2023-52121 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – C… | |
| CVE-2023-52120 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much … | |
| CVE-2023-52119 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress… | |
| CVE-2023-51668 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18. | |
| CVE-2023-51539 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1. | |
| CVE-2023-51538 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin:… | |
| CVE-2023-51535 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanT… | |
| CVE-2023-52149 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0. | |
| CVE-2023-52145 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue affects Republish Old Posts: from n/a through 1.21. | |
| CVE-2023-52136 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: fr… | |
| CVE-2023-52130 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31. | |
| CVE-2023-52129 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4. | |
| CVE-2023-52128 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custo… |