Total
298660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6384 | 1 Wp-eventmanager | 1 User Profile Avatar | 2025-06-11 | N/A | 4.3 MEDIUM |
| The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar | |||||
| CVE-2023-6373 | 1 Artplacer | 1 Artplacer Widget | 2025-06-11 | N/A | 8.8 HIGH |
| The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor (or above) | |||||
| CVE-2023-6340 | 1 Sonicwall | 2 Capture Client, Netextender | 2025-06-11 | N/A | 5.5 MEDIUM |
| SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability. | |||||
| CVE-2023-6271 | 1 Backupbliss | 1 Backup Migration | 2025-06-11 | N/A | 7.5 HIGH |
| The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups. | |||||
| CVE-2023-6029 | 1 Spider-themes | 1 Eazydocs | 2025-06-11 | N/A | 7.5 HIGH |
| The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections. | |||||
| CVE-2023-5943 | 1 Markusbegerow | 1 Wp-adv-quiz | 2025-06-11 | N/A | 4.8 MEDIUM |
| The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2023-5235 | 1 Kutethemes | 1 Ovic Responsive Wpbakery | 2025-06-11 | N/A | 8.8 HIGH |
| The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks. | |||||
| CVE-2023-5006 | 1 Sarveshmrao | 1 Wp Discord Invite | 2025-06-11 | N/A | 6.5 MEDIUM |
| The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request. | |||||
| CVE-2023-52325 | 1 Trendmicro | 1 Apex Central | 2025-06-11 | N/A | 7.5 HIGH |
| A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. | |||||
| CVE-2023-52111 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-11 | N/A | 7.5 HIGH |
| Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2023-52102 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-11 | N/A | 7.5 HIGH |
| Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-52098 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-11 | N/A | 7.5 HIGH |
| Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-52026 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-06-11 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface | |||||
| CVE-2023-51702 | 1 Apache | 2 Airflow, Airflow Cncf Kubernetes | 2025-06-11 | N/A | 6.5 MEDIUM |
| Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue. | |||||
| CVE-2023-50944 | 1 Apache | 1 Airflow | 2025-06-11 | N/A | 6.5 MEDIUM |
| Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. | |||||
| CVE-2023-4925 | 1 Yikesinc | 1 Easy Forms For Mailchimp | 2025-06-11 | N/A | 4.8 MEDIUM |
| The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2023-4797 | 1 Tribulant | 1 Newsletters | 2025-06-11 | N/A | 7.2 HIGH |
| The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. | |||||
| CVE-2023-4472 | 1 Objectplanet | 1 Opinio | 2025-06-11 | N/A | 9.8 CRITICAL |
| Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application. | |||||
| CVE-2023-49619 | 1 Apache | 1 Answer | 2025-06-11 | N/A | 3.1 LOW |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times. Users are recommended to upgrade to version [1.2.1], which fixes the issue. | |||||
| CVE-2023-49257 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-11 | N/A | 8.8 HIGH |
| An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges. | |||||