2023 CVEs
31213 CVEs published in 2023. 3492 critical, 10298 high. Browse by vendor, severity, or with PoCs.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-25574 | Critical | 10.0 | 2025-02-25 | `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-lt… |
| CVE-2023-4617 | Critical | 10.0 | 2024-12-19 | Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other… |
| CVE-2023-41918 | Critical | 10.0 | 2024-07-02 | A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands po… |
| CVE-2023-41917 | Critical | 10.0 | 2024-07-02 | Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell comm… |
| CVE-2023-50029 | Critical | 10.0 | 2024-06-24 | PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary co… |
| CVE-2023-3943 | Critical | 10.0 | 2024-05-21 | Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mec… |
| CVE-2023-3941 | Critical | 10.0 | 2024-05-21 | Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affec… |
| CVE-2023-3939 | Critical | 10.0 | 2024-05-21 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Inject… |
| CVE-2023-51409 | Critical | 10.0 | 2024-04-12 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a… |
| CVE-2023-48426 | Critical | 10.0 | 2024-04-05 | u-boot bug that allows for u-boot shell and interrupt over UART |
| CVE-2023-49815 | Critical | 10.0 | 2024-03-27 | Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3. |
| CVE-2023-23656 | Critical | 10.0 | 2024-03-26 | Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension. This issue affects MainWP File Uploader Extension: from… |
| CVE-2023-45318 | Critical | 10.0 | 2024-02-20 | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network p… |
| CVE-2023-47143 | Critical | 10.0 | 2024-02-02 | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by… |
| CVE-2023-49617 | Critical | 10.0 | 2024-02-01 | The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retr… |
| CVE-2023-52221 | Critical | 10.0 | 2024-01-24 | Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inven… |
| CVE-2023-7028 | Critical | 10.0 | 2024-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5… |
| CVE-2023-51438 | Critical | 10.0 | 2024-01-09 | A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions… |
| CVE-2023-52225 | Critical | 10.0 | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox – UG… |
| CVE-2023-52218 | Critical | 10.0 | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. This issue affects Woocommerce Tranzila Payment Gateway: fro… |