CVEs from 2023
Total
6,091
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28165 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPre… | |||
| CVE-2023-27625 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0. | |||
| CVE-2023-25993 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3. | |||
| CVE-2023-25486 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7. | |||
| CVE-2023-25067 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open! allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects We’re Open!: from n/a through… | |||
| CVE-2023-25037 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact For… | |||
| CVE-2023-25026 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in PayPal PayPal Brasil para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Brasil para WooCommerce:… | |||
| CVE-2023-23823 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a th… | |||
| CVE-2023-23725 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through 3.46. | |||
| CVE-2023-23716 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: … | |||
| CVE-2023-22708 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: fro… | |||
| CVE-2023-47828 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33. | |||
| CVE-2023-40209 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor.This issue affects Highcompress Image Compressor: from n/a through 6.0.0. | |||
| CVE-2023-25030 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7. | |||
| CVE-2023-44472 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.28. | |||
| CVE-2023-6121 | medium | 4.3 | 4.3 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-52220 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0. | |||
| CVE-2023-41864 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0. | |||
| CVE-2023-25043 | medium | 4.3 | 4.3 | 2y ago | Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data Tables Generator: from n/a through 1.10.25. | |||
| CVE-2023-51499 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. | |||
| CVE-2023-49838 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTh… | |||
| CVE-2023-33923 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from … | |||
| CVE-2023-30480 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Sparkle WP Educenter.This issue affects Educenter: from n/a through 1.5.5. | |||
| CVE-2023-51525 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar.This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4. | |||
| CVE-2023-51692 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. | |||
| CVE-2023-23882 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5. | |||
| CVE-2023-34379 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0. | |||
| CVE-2023-49746 | medium | 4.3 | 4.3 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through… | |||
| CVE-2023-37890 | medium | 4.3 | 4.3 | 3y ago | Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subsc… | |||
| CVE-2023-47233 | medium | 4.3 | 4.3 | 3y ago | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers… | |||
| CVE-2023-2886 | medium | 4.3 | 4.3 | 3y ago | Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |||
| CVE-2023-23992 | medium | 4.3 | 4.3 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. | |||
| CVE-2023-7346 | medium | 4.0 | 4.0 | 18d ago | Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m… | |||
| CVE-2023-20867 | low | — | 4.0 | 3y ago | VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the… | |||
| CVE-2023-23814 | low | 3.8 | 3.8 | 2y ago | Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar… | |||
| CVE-2023-28168 | low | 3.7 | 3.7 | 2y ago | Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3… | |||
| CVE-2023-5831 | low | 3.7 | 3.7 | 3y ago | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.… | |||
| CVE-2023-38546 | low | 3.7 | 3.7 | 3y ago | multiple issues in libcurl-compat, curl, libcurl-gnutls | |||
| CVE-2023-22049 | low | 3.7 | 3.7 | 3y ago | Moderate: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2023-22045 | low | 3.7 | 3.7 | 3y ago | Moderate: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2023-22036 | low | 3.7 | 3.7 | 3y ago | RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-21968 | low | 3.7 | 3.7 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2023-24375 | low | 3.5 | 3.5 | 2y ago | Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |||
| CVE-2023-29333 | low | 3.3 | 3.3 | 3y ago | Microsoft Access Denial of Service Vulnerability | |||
| CVE-2023-5963 | low | 3.1 | 3.1 | 3y ago | An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Ad… | |||
| CVE-2023-22006 | low | 3.1 | 3.1 | 3y ago | RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-4752 | low | — | 2.5 | 1y ago | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | |||
| CVE-2023-2953 | low | — | 2.5 | 2y ago | RHSA-2024:4264: openldap security update (Low) | |||
| CVE-2023-52620 | low | 2.5 | 2.5 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-2975 | low | — | 2.5 | 2y ago | Low: openssl and openssl-fips-provider security update | |||
| CVE-2023-1729 | low | — | 2.5 | 2y ago | Low: LibRaw security update | |||
| CVE-2023-32636 | low | — | 2.5 | 2y ago | Low: mingw-glib2 security update | |||
| CVE-2023-6918 | low | — | 2.5 | 2y ago | RHSA-2024:3233: libssh security update (Low) | |||
| CVE-2023-6004 | low | — | 2.5 | 2y ago | RHSA-2024:3233: libssh security update (Low) | |||
| CVE-2023-3446 | low | — | 2.5 | 2y ago | RHSA-2024:0888: edk2 security update (Low) | |||
| CVE-2023-3817 | low | — | 2.5 | 2y ago | RHSA-2023:7877: openssl security update (Low) | |||
| CVE-2023-3674 | low | — | 2.5 | 2y ago | Low: keylime security update | |||
| CVE-2023-32573 | low | — | 2.5 | 3y ago | QtSvg vulnerabilities | |||
| CVE-2023-32611 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update | |||
| CVE-2023-29499 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update | |||
| CVE-2023-32665 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update | |||
| CVE-2023-4016 | low | — | 2.5 | 3y ago | RHSA-2023:7187: procps-ng security update (Low) | |||
| CVE-2023-4641 | low | — | 2.5 | 3y ago | Low: shadow-utils security and bug fix update | |||
| CVE-2023-22745 | low | — | 2.5 | 3y ago | RHSA-2023:7166: tpm2-tss security and enhancement update (Low) | |||
| CVE-2023-2977 | low | — | 2.5 | 3y ago | RHSA-2023:7160: opensc security and bug fix update (Low) |