CVEs from 2023
Total
6,100
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-52202 | high | 7.2 | 7.2 | 2y ago | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free.This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: fr… | |||
| CVE-2023-52206 | high | 7.2 | 7.2 | 2y ago | Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25. | |||
| CVE-2023-52205 | high | 7.2 | 7.2 | 2y ago | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free.This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0. | |||
| CVE-2023-52132 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6. | |||
| CVE-2023-52131 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Zinc Page Generator.This issue affects Page Generator: from n/a through 1.7.1. | |||
| CVE-2023-51547 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin.This iss… | |||
| CVE-2023-52134 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through 4.0.2. | |||
| CVE-2023-50837 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Lo… | |||
| CVE-2023-52135 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form … | |||
| CVE-2023-45751 | high | 7.2 | 7.2 | 3y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3. | |||
| CVE-2023-40606 | high | 7.2 | 7.2 | 3y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. | |||
| CVE-2023-50838 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Form… | |||
| CVE-2023-50847 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.3. | |||
| CVE-2023-50846 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and … | |||
| CVE-2023-50845 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin… | |||
| CVE-2023-50844 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging – WP Mail Catcher.This issue affects Mail logging – WP Mail Catcher: from… | |||
| CVE-2023-50843 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications.This issue affects Clockwork SMS Notfications: from n/a thro… | |||
| CVE-2023-50855 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sam Perrow Pre* Party Resource Hints.This issue affects Pre* Party Resource Hints: from n/a throu… | |||
| CVE-2023-50854 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a b… | |||
| CVE-2023-50853 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets an… | |||
| CVE-2023-50852 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.This issue affects Booking Calenda… | |||
| CVE-2023-50851 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin.This issue a… | |||
| CVE-2023-50849 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool … | |||
| CVE-2023-50848 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0. | |||
| CVE-2023-50857 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation… | |||
| CVE-2023-50856 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Creat… | |||
| CVE-2023-32795 | high | 7.2 | 7.2 | 3y ago | Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3. | |||
| CVE-2023-49814 | high | 7.2 | 7.2 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock.This issue affects Symbiostock: from n/a through 6.0.0. | |||
| CVE-2023-40204 | high | 7.2 | 7.2 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited… | |||
| CVE-2023-29102 | high | 7.2 | 7.2 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | |||
| CVE-2023-28170 | high | 7.2 | 7.2 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.This issue affects Theme Demo Import: from n/a through 1.1.1. | |||
| CVE-2023-28491 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.This issue affects Slideshow Gallery LITE: from n/a through 1.7.… | |||
| CVE-2023-32128 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on y… | |||
| CVE-2023-47852 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.6.5. | |||
| CVE-2023-49764 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a thro… | |||
| CVE-2023-48764 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks.Thi… | |||
| CVE-2023-48741 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8. | |||
| CVE-2023-48327 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This i… | |||
| CVE-2023-46154 | high | 7.2 | 7.2 | 3y ago | Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18. | |||
| CVE-2023-47530 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This is… | |||
| CVE-2023-33331 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a thr… | |||
| CVE-2023-48742 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injecti… | |||
| CVE-2023-23678 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy )… | |||
| CVE-2023-46823 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affect… | |||
| CVE-2023-46821 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Secu… | |||
| CVE-2023-40215 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotatio… | |||
| CVE-2023-38391 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a thr… | |||
| CVE-2023-32741 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact… | |||
| CVE-2023-34179 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2… | |||
| CVE-2023-32508 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Post… | |||
| CVE-2023-32121 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for Word… | |||
| CVE-2023-25047 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a thr… | |||
| CVE-2023-25045 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. | |||
| CVE-2023-3375 | high | 7.2 | 7.2 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0. | |||
| CVE-2023-48758 | high | 7.1 | 7.1 | 1y ago | Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.2.4. | |||
| CVE-2023-46632 | high | 7.1 | 7.1 | 1y ago | Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Shortcodes: from n/a through 2.3. | |||
| CVE-2023-49158 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS.This issue affects LadiApp: from n/a through <= 4.… | |||
| CVE-2023-52682 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to call f2fs_wait_on… | |||
| CVE-2023-34370 | high | 7.1 | 7.1 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects… | |||
| CVE-2023-39306 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a throu… | |||
| CVE-2023-28687 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magaz… | |||
| CVE-2023-45771 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS.This issue affects Contact Form With Captcha: from… | |||
| CVE-2023-49839 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme… | |||
| CVE-2023-5921 | high | 7.1 | 7.1 | 3y ago | Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396. | |||
| CVE-2023-1652 | high | 7.1 | 7.1 | 3y ago | A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a… | |||
| CVE-2023-23398 | high | 7.1 | 7.1 | 3y ago | Microsoft Excel Spoofing Vulnerability | |||
| CVE-2023-6931 | high | 7.0 | 7.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-6932 | high | 7.0 | 7.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-51767 | high | 7.0 | 7.0 | 3y ago | OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resi… | |||
| CVE-2023-36565 | high | 7.0 | 7.0 | 3y ago | Microsoft Office Graphics Elevation of Privilege Vulnerability | |||
| CVE-2023-45249 | unknown | — | 2.5 | 2y ago | Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords. | |||
| CVE-2023-43208 | unknown | — | 2.5 | 2y ago | NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request. | |||
| CVE-2023-7028 | unknown | — | 2.5 | 2y ago | GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultima… | |||
| CVE-2023-24955 | unknown | — | 2.5 | 2y ago | Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. | |||
| CVE-2023-48788 | unknown | — | 2.5 | 2y ago | Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests. | |||
| CVE-2023-22527 | unknown | — | 2.5 | 2y ago | Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution. | |||
| CVE-2023-46805 | unknown | — | 2.5 | 2y ago | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to ac… | |||
| CVE-2023-29357 | unknown | — | 2.5 | 2y ago | Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a netw… | |||
| CVE-2023-23752 | unknown | — | 2.5 | 2y ago | Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints. | |||
| CVE-2023-7101 | unknown | — | 2.5 | 3y ago | Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Num… | |||
| CVE-2023-49103 | unknown | — | 2.5 | 3y ago | ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials. | |||
| CVE-2023-1671 | unknown | — | 2.5 | 3y ago | Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution. | |||
| CVE-2023-36845 | unknown | — | 2.5 | 3y ago | Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment var… | |||
| CVE-2023-22518 | unknown | — | 2.5 | 3y ago | Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact … | |||
| CVE-2023-46747 | unknown | — | 2.5 | 3y ago | F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network … | |||
| CVE-2023-46604 | unknown | — | 2.5 | 3y ago | Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class type… | |||
| CVE-2023-20273 | unknown | — | 2.5 | 3y ago | Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and writ… | |||
| CVE-2023-4966 | unknown | — | 2.5 | 3y ago | Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, … | |||
| CVE-2023-20198 | unknown | — | 2.5 | 3y ago | Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. Th… | |||
| CVE-2023-22515 | unknown | — | 2.5 | 3y ago | Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. | |||
| CVE-2023-40044 | unknown | — | 2.5 | 3y ago | Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying oper… | |||
| CVE-2023-42793 | unknown | — | 2.5 | 3y ago | JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server. | |||
| CVE-2023-38831 | unknown | — | 2.5 | 3y ago | RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive. | |||
| CVE-2023-38035 | unknown | — | 2.5 | 3y ago | Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to… | |||
| CVE-2023-3519 | unknown | — | 2.5 | 3y ago | Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. | |||
| CVE-2023-36874 | unknown | — | 2.5 | 3y ago | Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2023-33246 | unknown | — | 2.5 | 3y ago | Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using … | |||
| CVE-2023-20887 | unknown | — | 2.5 | 3y ago | VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in … | |||
| CVE-2023-34362 | unknown | — | 2.5 | 3y ago | Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engin… | |||
| CVE-2023-28771 | unknown | — | 2.5 | 3y ago | Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets t… |