Total
29907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4922 | 1 Wpb Show Core Project | 1 Wpb Show Core | 2026-06-17 | N/A | 9.8 CRITICAL |
| The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. | |||||
| CVE-2023-4898 | 1 Mintplexlabs | 1 Anything-llm | 2026-06-17 | N/A | 7.5 HIGH |
| Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | |||||
| CVE-2023-4895 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects | |||||
| CVE-2023-4809 | 1 Freebsd | 1 Freebsd | 2026-06-17 | N/A | 7.5 HIGH |
| In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is. As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host. | |||||
| CVE-2023-4804 | 1 Johnsoncontrols | 12 Quantum Hd Unity Acuair, Quantum Hd Unity Acuair Firmware, Quantum Hd Unity Compressor and 9 more | 2026-06-17 | N/A | 10.0 CRITICAL |
| An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | |||||
| CVE-2023-4749 | 1 Mayurik | 1 Inventory Management System | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-4700 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 3.5 LOW |
| An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. | |||||
| CVE-2023-4640 | 1 Yugabyte | 1 Yugabytedb | 2026-06-17 | N/A | 6.5 MEDIUM |
| The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3 | |||||
| CVE-2023-4570 | 1 Ni | 1 Measurementlink | 2026-06-17 | N/A | 8.8 HIGH |
| An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions. | |||||
| CVE-2023-4456 | 1 Redhat | 1 Openshift Logging | 2026-06-17 | N/A | 5.7 MEDIUM |
| A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached. | |||||
| CVE-2023-4417 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. | |||||
| CVE-2023-4381 | 1 Instantcms | 1 Instantcms | 2026-06-17 | N/A | 4.3 MEDIUM |
| Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
| CVE-2023-4369 | 1 Google | 2 Chrome, Chrome Os | 2026-06-17 | N/A | 8.8 HIGH |
| Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-4258 | 1 Zephyrproject | 1 Zephyr | 2026-06-17 | N/A | 8.6 HIGH |
| In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. | |||||
| CVE-2023-4237 | 1 Redhat | 2 Ansible Automation Platform, Ansible Collection | 2026-06-17 | N/A | 7.3 HIGH |
| A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. | |||||
| CVE-2023-4039 | 1 Gnu | 1 Gcc | 2026-06-17 | N/A | 4.8 MEDIUM |
| **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. | |||||
| CVE-2023-4018 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects. | |||||
| CVE-2023-49961 | 1 Wallix | 2 Bastion, Bastion Access Manager | 2026-06-17 | N/A | 7.5 HIGH |
| WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure. | |||||
| CVE-2023-49938 | 1 Schedmd | 1 Slurm | 2026-06-17 | N/A | 8.2 HIGH |
| An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7. | |||||
| CVE-2023-49722 | 1 Bosch | 6 Bcc101, Bcc101 Firmware, Bcc102 and 3 more | 2026-06-17 | N/A | 8.3 HIGH |
| Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network. | |||||