CVEs from 2023

- Total: 6,120
- critical: 239
- high: 1,503
- medium: 1,409
- low: 32
- % Critical: 3.9%
- % with KEV: 2.7%
- % with exploit: 3.5%

Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-2713 | critical | 9.8 | 9.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. Thi… | |||
| CVE-2023-2712 | critical | 9.8 | 9.8 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a… | |||
| CVE-2023-1873 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection. This issue affects Bircard: before 23.04.05. | |||
| CVE-2023-1723 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection. This issue affects Mobile Assistant: before 21.… | |||
| CVE-2023-1833 | critical | 9.8 | 9.8 | 3y ago | Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17. | |||
| CVE-2023-1803 | critical | 9.8 | 9.8 | 3y ago | Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17. | |||
| CVE-2023-1863 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection. This issue af… | |||
| CVE-2023-1728 | critical | 9.8 | 9.8 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03. | |||
| CVE-2023-1765 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection. This issue affects Panon: before 1.0.2. | |||
| CVE-2023-1725 | critical | 9.8 | 9.8 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery. This issue affects Project Management System: before 4.09.31.125. | |||
| CVE-2023-1050 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection. This issue affects Web Report System: befo… | |||
| CVE-2023-1153 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection. This issue affects… | |||
| CVE-2023-1152 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: befor… | |||
| CVE-2023-28531 | critical | 9.8 | 9.8 | 3y ago | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. | |||
| CVE-2023-1198 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection. This issue affects Starcities: through 1.3. | |||
| CVE-2023-1091 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection… | |||
| CVE-2023-1251 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03. | |||
| CVE-2023-1267 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1. | |||
| CVE-2023-0979 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection. This issue affects MedDataPACS: before 2023-03-03. | |||
| CVE-2023-0839 | critical | 9.8 | 9.8 | 3y ago | Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before 20230115-1. | |||
| CVE-2023-1114 | critical | 9.8 | 9.8 | 3y ago | Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100. | |||
| CVE-2023-1064 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection. This issue affects Weighbridge… | |||
| CVE-2023-0939 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection. This issue affects O… | |||
| CVE-2023-33150 | critical | 9.6 | 9.6 | 3y ago | Microsoft Office Security Feature Bypass Vulnerability | |||
| CVE-2023-43641 | critical | — | 9.5 | — | libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited… | |||
| CVE-2023-46846 | critical | — | 9.5 | 3y ago | RHSA-2023:7213: squid:4 security update (Critical) | |||
| CVE-2023-46848 | critical | — | 9.5 | 3y ago | Critical: squid security update | |||
| CVE-2023-46847 | critical | — | 9.5 | 3y ago | RHSA-2023:7213: squid:4 security update (Critical) | |||
| CVE-2023-45853 | critical | — | 9.5 | 3y ago | pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency | |||
| CVE-2023-29403 | critical | — | 9.5 | 3y ago | RHSA-2023:3922: go-toolset:rhel8 security update (Critical) | |||
| CVE-2023-29405 | critical | — | 9.5 | 3y ago | RHSA-2023:3922: go-toolset:rhel8 security update (Critical) | |||
| CVE-2023-29402 | critical | — | 9.5 | 3y ago | RHSA-2023:3922: go-toolset:rhel8 security update (Critical) | |||
| CVE-2023-29404 | critical | — | 9.5 | 3y ago | RHSA-2023:3922: go-toolset:rhel8 security update (Critical) | |||
| CVE-2023-28787 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.… | |||
| CVE-2023-24215 | critical | 9.1 | 9.1 | 17d ago | Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. | |||
| CVE-2023-47842 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog. This issue affects CataBlog: from n/a through 1.7.0. | |||
| CVE-2023-29386 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon. This issue affects Manager for Icomoon: from n/a through 2.0. | |||
| CVE-2023-49166 | critical | 9.1 | 9.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync. This issue affects MSync: from n/a through 1.0.0. | |||
| CVE-2023-49161 | critical | 9.1 | 9.1 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate. This issue affects Bravo Translate: from n/a through 1.2. | |||
| CVE-2023-20867 | low | — | 4.0 | 3y ago | VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the… | |||
| CVE-2023-23814 | low | 3.8 | 3.8 | 2y ago | Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar… | |||
| CVE-2023-28168 | low | 3.7 | 3.7 | 2y ago | Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Console: from n/a through 0.3… | |||
| CVE-2023-5831 | low | 3.7 | 3.7 | 3y ago | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.… | |||
| CVE-2023-38546 | low | 3.7 | 3.7 | 3y ago | This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application crea… | |||
| CVE-2023-22049 | low | 3.7 | 3.7 | 3y ago | RHSA-2023:4877: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2023-22045 | low | 3.7 | 3.7 | 3y ago | RHSA-2023:4176: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-22036 | low | 3.7 | 3.7 | 3y ago | RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-21968 | low | 3.7 | 3.7 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2023-24375 | low | 3.5 | 3.5 | 2y ago | Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels. This… | |||
| CVE-2023-29333 | low | 3.3 | 3.3 | 3y ago | Microsoft Access Denial of Service Vulnerability | |||
| CVE-2023-5963 | low | 3.1 | 3.1 | 3y ago | An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Ad… | |||
| CVE-2023-22006 | low | 3.1 | 3.1 | 3y ago | RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2023-4752 | low | — | 2.5 | 1y ago | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | |||
| CVE-2023-2953 | low | — | 2.5 | 2y ago | RHSA-2024:4264: openldap security update (Low) | |||
| CVE-2023-52620 | low | 2.5 | 2.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. | |||
| CVE-2023-3446 | low | — | 2.5 | 2y ago | RHSA-2024:0888: edk2 security update (Low) | |||
| CVE-2023-6918 | low | — | 2.5 | 2y ago | RHSA-2024:3233: libssh security update (Low) | |||
| CVE-2023-6004 | low | — | 2.5 | 2y ago | RHSA-2024:3233: libssh security update (Low) | |||
| CVE-2023-2975 | low | — | 2.5 | 2y ago | Low: openssl and openssl-fips-provider security update | |||
| CVE-2023-32636 | low | — | 2.5 | 2y ago | Low: mingw-glib2 security update | |||
| CVE-2023-3817 | low | — | 2.5 | 2y ago | RHSA-2023:7877: openssl security update (Low) | |||
| CVE-2023-1729 | low | — | 2.5 | 2y ago | Low: LibRaw security update | |||
| CVE-2023-3674 | low | — | 2.5 | 2y ago | Low: keylime security update | |||
| CVE-2023-32611 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update | |||
| CVE-2023-4641 | low | — | 2.5 | 3y ago | RHSA-2023:7112: shadow-utils security and bug fix update (Low) | |||
| CVE-2023-32573 | low | — | 2.5 | 3y ago | In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. | |||
| CVE-2023-22745 | low | — | 2.5 | 3y ago | RHSA-2023:7166: tpm2-tss security and enhancement update (Low) | |||
| CVE-2023-2977 | low | — | 2.5 | 3y ago | RHSA-2023:7160: opensc security and bug fix update (Low) | |||
| CVE-2023-4016 | low | — | 2.5 | 3y ago | RHSA-2023:7187: procps-ng security update (Low) | |||
| CVE-2023-29499 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update | |||
| CVE-2023-32665 | low | — | 2.5 | 3y ago | Low: glib2 security and bug fix update |