CVEs from 2023

| Metric | Value |
|---|---|
| Total | 6,100 |
| Critical | 240 |
| High | 1,530 |
| Medium | 1,393 |
| Low | 32 |
| % Critical | 3.9% |
| % with KEV | 2.7% |
| % with exploit | 3.5% |
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28165 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Backup Bank: WordPre… | |||
| CVE-2023-27625 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Reviews: from n/a through 6.5.0. | |||
| CVE-2023-25993 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Top 10: from n/a through 3.2.3. | |||
| CVE-2023-25486 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.3.7. | |||
| CVE-2023-25067 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open! allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects We’re Open!: from n/a through… | |||
| CVE-2023-25037 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking Calendar Contact For… | |||
| CVE-2023-25026 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in PayPal PayPal Brasil para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PayPal Brasil para WooCommerce:… | |||
| CVE-2023-23823 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Text Widget: from n/a th… | |||
| CVE-2023-23725 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes: from n/a through 3.46. | |||
| CVE-2023-23716 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zendesk Support for WordPress: … | |||
| CVE-2023-22708 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kraken.io Image Optimizer: fro… | |||
| CVE-2023-47828 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Mandrill wpMandrill. This issue affects wpMandrill: from n/a through 1.33. | |||
| CVE-2023-40209 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor. This issue affects Highcompress Image Compressor: from n/a through 6.0.0. | |||
| CVE-2023-25030 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Buy Me a Coffee. This issue affects Buy Me a Coffee: from n/a through 3.7. | |||
| CVE-2023-44472 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in ThemeFuse Unyson. This issue affects Unyson: from n/a through 2.7.28. | |||
| CVE-2023-6121 | medium | 4.3 | 4.3 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-52220 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights. This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0. | |||
| CVE-2023-41864 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database. This issue affects PeproDev CF7 Database: from n/a through 1.8.0. | |||
| CVE-2023-25043 | medium | 4.3 | 4.3 | 2y ago | Incorrect Authorization vulnerability in Supsystic Data Tables Generator. This issue affects Data Tables Generator: from n/a through 1.10.25. | |||
| CVE-2023-51499 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product. This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. | |||
| CVE-2023-49838 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTh… | |||
| CVE-2023-33923 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne. This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from … | |||
| CVE-2023-30480 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Sparkle WP Educenter. This issue affects Educenter: from n/a through 1.5.5. | |||
| CVE-2023-51525 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4. | |||
| CVE-2023-51692 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce. This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. | |||
| CVE-2023-23882 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5. | |||
| CVE-2023-34379 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration. This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0. | |||
| CVE-2023-49746 | medium | 4.3 | 4.3 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance. This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through… | |||
| CVE-2023-37890 | medium | 4.3 | 4.3 | 3y ago | Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subsc… | |||
| CVE-2023-47233 | medium | 4.3 | 4.3 | 3y ago | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers… | |||
| CVE-2023-2886 | medium | 4.3 | 4.3 | 3y ago | Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |||
| CVE-2023-23992 | medium | 4.3 | 4.3 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. | |||
| CVE-2023-7346 | medium | 4.0 | 4.0 | 18d ago | Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m… | |||
| CVE-2023-20867 | low | — | 4.0 | 3y ago | VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the… | |||
| CVE-2023-23814 | low | 3.8 | 3.8 | 2y ago | Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar… | |||
| CVE-2023-28168 | low | 3.7 | 3.7 | 2y ago | Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Console: from n/a through 0.3… | |||
| CVE-2023-5831 | low | 3.7 | 3.7 | 3y ago | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.… | |||
| CVE-2023-38546 | low | 3.7 | 3.7 | 3y ago | This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application crea… | |||
| CVE-2023-22049 | low | 3.7 | 3.7 | 3y ago | Moderate: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2023-22036 | low | 3.7 | 3.7 | 3y ago | RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-22045 | low | 3.7 | 3.7 | 3y ago | Moderate: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2023-21968 | low | 3.7 | 3.7 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2023-24375 | low | 3.5 | 3.5 | 2y ago | Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels. This… | |||
| CVE-2023-29333 | low | 3.3 | 3.3 | 3y ago | Microsoft Access Denial of Service Vulnerability | |||
| CVE-2023-5963 | low | 3.1 | 3.1 | 3y ago | An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Ad… | |||
| CVE-2023-22006 | low | 3.1 | 3.1 | 3y ago | RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-4752 | low | — | 2.5 | 1y ago | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | |||
| CVE-2023-45249 | unknown | — | 2.5 | 2y ago | Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords. | |||
| CVE-2023-2953 | low | — | 2.5 | 2y ago | RHSA-2024:4264: openldap security update (Low) | |||
| CVE-2023-43208 | unknown | — | 2.5 | 2y ago | NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request. | |||
| CVE-2023-7028 | unknown | — | 2.5 | 2y ago | GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultima… | |||
| CVE-2023-1729 | low | — | 2.5 | 2y ago | Low: LibRaw security update | |||
| CVE-2023-32636 | low | — | 2.5 | 2y ago | Low: mingw-glib2 security update | |||
| CVE-2023-3446 | low | — | 2.5 | 2y ago | RHSA-2024:0888: edk2 security update (Low) | |||
| CVE-2023-3817 | low | — | 2.5 | 2y ago | RHSA-2023:7877: openssl security update (Low) | |||
| CVE-2023-52620 | low | 2.5 | 2.5 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-6004 | low | — | 2.5 | 2y ago | RHSA-2024:3233: libssh security update (Low) | |||
| CVE-2023-2975 | low | — | 2.5 | 2y ago | Low: openssl and openssl-fips-provider security update | |||
| CVE-2023-6918 | low | — | 2.5 | 2y ago | RHSA-2024:3233: libssh security update (Low) | |||
| CVE-2023-24955 | unknown | — | 2.5 | 2y ago | Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. | |||
| CVE-2023-48788 | unknown | — | 2.5 | 2y ago | Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests. | |||
| CVE-2023-3674 | low | — | 2.5 | 2y ago | Low: keylime security update | |||
| CVE-2023-22527 | unknown | — | 2.5 | 2y ago | Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution. | |||
| CVE-2023-46805 | unknown | — | 2.5 | 2y ago | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to ac… | |||
| CVE-2023-29357 | unknown | — | 2.5 | 2y ago | Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a netw… | |||
| CVE-2023-23752 | unknown | — | 2.5 | 2y ago | Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints. | |||
| CVE-2023-7101 | unknown | — | 2.5 | 3y ago | Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Num… | |||
| CVE-2023-49103 | unknown | — | 2.5 | 3y ago | ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials. | |||
| CVE-2023-1671 | unknown | — | 2.5 | 3y ago | Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution. | |||
| CVE-2023-36845 | unknown | — | 2.5 | 3y ago | Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment var… | |||
| CVE-2023-32665 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update | |||
| CVE-2023-4641 | low | — | 2.5 | 3y ago | Low: shadow-utils security and bug fix update | |||
| CVE-2023-29499 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update | |||
| CVE-2023-4016 | low | — | 2.5 | 3y ago | RHSA-2023:7187: procps-ng security update (Low) | |||
| CVE-2023-32611 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update | |||
| CVE-2023-2977 | low | — | 2.5 | 3y ago | RHSA-2023:7160: opensc security and bug fix update (Low) | |||
| CVE-2023-22518 | unknown | — | 2.5 | 3y ago | Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact … | |||
| CVE-2023-32573 | low | — | 2.5 | 3y ago | In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. | |||
| CVE-2023-22745 | low | — | 2.5 | 3y ago | RHSA-2023:7166: tpm2-tss security and enhancement update (Low) | |||
| CVE-2023-46747 | unknown | — | 2.5 | 3y ago | F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network … | |||
| CVE-2023-46604 | unknown | — | 2.5 | 3y ago | Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class type… | |||
| CVE-2023-20273 | unknown | — | 2.5 | 3y ago | Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and writ… | |||
| CVE-2023-4966 | unknown | — | 2.5 | 3y ago | Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, … | |||
| CVE-2023-20198 | unknown | — | 2.5 | 3y ago | Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. Th… | |||
| CVE-2023-40044 | unknown | — | 2.5 | 3y ago | Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying oper… | |||
| CVE-2023-22515 | unknown | — | 2.5 | 3y ago | Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. | |||
| CVE-2023-42793 | unknown | — | 2.5 | 3y ago | JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server. | |||
| CVE-2023-38831 | unknown | — | 2.5 | 3y ago | RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive. | |||
| CVE-2023-38035 | unknown | — | 2.5 | 3y ago | Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to… | |||
| CVE-2023-3519 | unknown | — | 2.5 | 3y ago | Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. | |||
| CVE-2023-36874 | unknown | — | 2.5 | 3y ago | Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-33246 | unknown | — | 2.5 | 3y ago | Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using … | |||
| CVE-2023-20887 | unknown | — | 2.5 | 3y ago | VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in … | |||
| CVE-2023-34362 | unknown | — | 2.5 | 3y ago | Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engin… | |||
| CVE-2023-28771 | unknown | — | 2.5 | 3y ago | Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets t… | |||
| CVE-2023-2868 | unknown | — | 2.5 | 3y ago | Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection. | |||
| CVE-2023-32315 | unknown | — | 2.5 | 3y ago | Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users. | |||
| CVE-2023-29336 | unknown | — | 2.5 | 3y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges. | |||
| CVE-2023-21839 | unknown | — | 2.5 | 3y ago | Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server. | |||
| CVE-2023-1389 | unknown | — | 2.5 | 3y ago | TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution. |