2023 CVEs

31213 CVEs published in 2023. 3492 critical, 10298 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2023
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-25574 | Critical | 10.0 | 2025-02-25 | `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-lt… |
| CVE-2023-4617 | Critical | 10.0 | 2024-12-19 | Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other… |
| CVE-2023-41918 | Critical | 10.0 | 2024-07-02 | A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands po… |
| CVE-2023-41917 | Critical | 10.0 | 2024-07-02 | Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell comm… |
| CVE-2023-50029 | Critical | 10.0 | 2024-06-24 | PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary co… |
| CVE-2023-3943 | Critical | 10.0 | 2024-05-21 | Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mec… |
| CVE-2023-3941 | Critical | 10.0 | 2024-05-21 | Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affec… |
| CVE-2023-3939 | Critical | 10.0 | 2024-05-21 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Inject… |
| CVE-2023-51409 | Critical | 10.0 | 2024-04-12 | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a… |
| CVE-2023-48426 | Critical | 10.0 | 2024-04-05 | u-boot bug that allows for u-boot shell and interrupt over UART |
| CVE-2023-49815 | Critical | 10.0 | 2024-03-27 | Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3. |
| CVE-2023-23656 | Critical | 10.0 | 2024-03-26 | Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension. This issue affects MainWP File Uploader Extension: from… |
| CVE-2023-45318 | Critical | 10.0 | 2024-02-20 | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network p… |
| CVE-2023-47143 | Critical | 10.0 | 2024-02-02 | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by… |
| CVE-2023-49617 | Critical | 10.0 | 2024-02-01 | The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retr… |
| CVE-2023-52221 | Critical | 10.0 | 2024-01-24 | Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inven… |
| CVE-2023-7028 | Critical | 10.0 | 2024-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5… |
| CVE-2023-51438 | Critical | 10.0 | 2024-01-09 | A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions… |
| CVE-2023-52225 | Critical | 10.0 | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox – UG… |
| CVE-2023-52218 | Critical | 10.0 | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. This issue affects Woocommerce Tranzila Payment Gateway: fro… |