Total
35503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5876 | 1 Mattermost | 1 Mattermost Desktop | 2026-06-17 | N/A | 3.1 LOW |
| Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. | |||||
| CVE-2023-5870 | 2 Postgresql, Redhat | 16 Postgresql, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 13 more | 2026-06-17 | N/A | 2.2 LOW |
| A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. | |||||
| CVE-2023-5868 | 2 Postgresql, Redhat | 16 Postgresql, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 13 more | 2026-06-17 | N/A | 4.3 MEDIUM |
| A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. | |||||
| CVE-2023-5857 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) | |||||
| CVE-2023-5850 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) | |||||
| CVE-2023-5847 | 3 Linux, Microsoft, Tenable | 4 Linux Kernel, Windows, Nessus and 1 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. | |||||
| CVE-2023-5845 | 1 Wpbrigade | 1 Simple Social Buttons | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags | |||||
| CVE-2023-5843 | 1 Datafeedr | 1 Ads By Datafeedr.com | 2026-06-17 | N/A | 9.0 CRITICAL |
| The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily. | |||||
| CVE-2023-5831 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 3.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. | |||||
| CVE-2023-5766 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2026-06-17 | N/A | 9.8 CRITICAL |
| A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet. | |||||
| CVE-2023-5759 | 1 Perforce | 1 Helix Core | 2026-06-17 | N/A | 7.5 HIGH |
| In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner. | |||||
| CVE-2023-5739 | 1 Hp | 4 Image Assistant, Pc Hardware Diagnostics, Thunderbolt Dock G2 and 1 more | 2026-06-17 | N/A | 7.8 HIGH |
| Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. | |||||
| CVE-2023-5732 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | |||||
| CVE-2023-5729 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 4.3 MEDIUM |
| A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. | |||||
| CVE-2023-5728 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2026-06-17 | N/A | 7.5 HIGH |
| During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | |||||
| CVE-2023-5727 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | |||||
| CVE-2023-5726 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2026-06-17 | N/A | 4.3 MEDIUM |
| A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | |||||
| CVE-2023-5725 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2026-06-17 | N/A | 4.3 MEDIUM |
| A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | |||||
| CVE-2023-5724 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2026-06-17 | N/A | 7.5 HIGH |
| Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | |||||
| CVE-2023-5723 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 5.3 MEDIUM |
| An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. | |||||