CVEs from 2023
Total
6,100
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-33331 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a thr… | |||
| CVE-2023-48742 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injecti… | |||
| CVE-2023-23678 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy )… | |||
| CVE-2023-46823 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affect… | |||
| CVE-2023-46821 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Secu… | |||
| CVE-2023-40215 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotatio… | |||
| CVE-2023-38391 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a thr… | |||
| CVE-2023-32741 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact… | |||
| CVE-2023-34179 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2… | |||
| CVE-2023-32508 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Post… | |||
| CVE-2023-32121 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for Word… | |||
| CVE-2023-25047 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a thr… | |||
| CVE-2023-25045 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. | |||
| CVE-2023-3375 | high | 7.2 | 7.2 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0. | |||
| CVE-2023-48758 | high | 7.1 | 7.1 | 1y ago | Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.2.4. | |||
| CVE-2023-46632 | high | 7.1 | 7.1 | 1y ago | Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Shortcodes: from n/a through 2.3. | |||
| CVE-2023-49158 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS.This issue affects LadiApp: from n/a through <= 4.… | |||
| CVE-2023-52682 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to call f2fs_wait_on… | |||
| CVE-2023-34370 | high | 7.1 | 7.1 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects… | |||
| CVE-2023-39306 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a throu… | |||
| CVE-2023-28687 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magaz… | |||
| CVE-2023-45771 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS.This issue affects Contact Form With Captcha: from… | |||
| CVE-2023-49839 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme… | |||
| CVE-2023-5921 | high | 7.1 | 7.1 | 3y ago | Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396. | |||
| CVE-2023-1652 | high | 7.1 | 7.1 | 3y ago | A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a… | |||
| CVE-2023-23398 | high | 7.1 | 7.1 | 3y ago | Microsoft Excel Spoofing Vulnerability | |||
| CVE-2023-6931 | high | 7.0 | 7.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-6932 | high | 7.0 | 7.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-51767 | high | 7.0 | 7.0 | 3y ago | OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resi… | |||
| CVE-2023-36565 | high | 7.0 | 7.0 | 3y ago | Microsoft Office Graphics Elevation of Privilege Vulnerability | |||
| CVE-2023-20867 | low | — | 4.0 | 3y ago | VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the… | |||
| CVE-2023-23814 | low | 3.8 | 3.8 | 2y ago | Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar… | |||
| CVE-2023-28168 | low | 3.7 | 3.7 | 2y ago | Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3… | |||
| CVE-2023-5831 | low | 3.7 | 3.7 | 3y ago | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.… | |||
| CVE-2023-38546 | low | 3.7 | 3.7 | 3y ago | This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application crea… | |||
| CVE-2023-22045 | low | 3.7 | 3.7 | 3y ago | Moderate: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2023-22036 | low | 3.7 | 3.7 | 3y ago | RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-22049 | low | 3.7 | 3.7 | 3y ago | Moderate: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2023-21968 | low | 3.7 | 3.7 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2023-24375 | low | 3.5 | 3.5 | 2y ago | Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |||
| CVE-2023-29333 | low | 3.3 | 3.3 | 3y ago | Microsoft Access Denial of Service Vulnerability | |||
| CVE-2023-5963 | low | 3.1 | 3.1 | 3y ago | An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Ad… | |||
| CVE-2023-22006 | low | 3.1 | 3.1 | 3y ago | RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-4752 | low | — | 2.5 | 1y ago | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | |||
| CVE-2023-2953 | low | — | 2.5 | 2y ago | RHSA-2024:4264: openldap security update (Low) | |||
| CVE-2023-3817 | low | — | 2.5 | 2y ago | RHSA-2023:7877: openssl security update (Low) | |||
| CVE-2023-6918 | low | — | 2.5 | 2y ago | RHSA-2024:3233: libssh security update (Low) | |||
| CVE-2023-2975 | low | — | 2.5 | 2y ago | Low: openssl and openssl-fips-provider security update | |||
| CVE-2023-52620 | low | 2.5 | 2.5 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-3446 | low | — | 2.5 | 2y ago | RHSA-2024:0888: edk2 security update (Low) | |||
| CVE-2023-32636 | low | — | 2.5 | 2y ago | Low: mingw-glib2 security update | |||
| CVE-2023-6004 | low | — | 2.5 | 2y ago | RHSA-2024:3233: libssh security update (Low) | |||
| CVE-2023-1729 | low | — | 2.5 | 2y ago | Low: LibRaw security update | |||
| CVE-2023-3674 | low | — | 2.5 | 2y ago | Low: keylime security update | |||
| CVE-2023-4641 | low | — | 2.5 | 3y ago | Low: shadow-utils security and bug fix update | |||
| CVE-2023-32665 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update | |||
| CVE-2023-32611 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update | |||
| CVE-2023-32573 | low | — | 2.5 | 3y ago | In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. | |||
| CVE-2023-4016 | low | — | 2.5 | 3y ago | RHSA-2023:7187: procps-ng security update (Low) | |||
| CVE-2023-2977 | low | — | 2.5 | 3y ago | RHSA-2023:7160: opensc security and bug fix update (Low) | |||
| CVE-2023-22745 | low | — | 2.5 | 3y ago | RHSA-2023:7166: tpm2-tss security and enhancement update (Low) | |||
| CVE-2023-29499 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update |