LiveActive security incident?Get immediate response
CVE archive

2023 CVE Archive

Browse CVE records published in 2023 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 30595 matching CVEs · Page 1 of 612.

High · CVSS 7

CVE-2023-5574: Xorg-x11-server: use-after-free bug in damagedestroy

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

Published Oct 25, 2023 · Updated Jul 11, 2026

High · CVSS 8.6

CVE-2023-2378: Ubiquiti EdgeRouter X Web Management command injection

A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown function of the component Web Management Interface. This manipulation of the argument suffix-rate-up causes command injection. The attack may be initiated remotely. The exploit has been published and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor position is that post-authentication issues are not accepted as vulnerabilities.

Published Apr 28, 2023 · Updated Jul 9, 2026

High · CVSS 8.6

CVE-2023-2377: Ubiquiti EdgeRouter X Web Management command injection

A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The impacted element is an unknown function of the component Web Management Interface. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit is now public and may be used. There is ongoing doubt regarding the real existence of this vulnerability. The vendor position is that post-authentication issues are not accepted as vulnerabilities.

Published Apr 28, 2023 · Updated Jul 9, 2026

High · CVSS 8.6

CVE-2023-2376: Ubiquiti EdgeRouter X Web Management command injection

A security vulnerability has been detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The affected element is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. There are still doubts about whether this vulnerability truly exists. The vendor position is that post-authentication issues are not accepted as vulnerabilities.

Published Apr 28, 2023 · Updated Jul 9, 2026

High · CVSS 8.6

CVE-2023-2375: Ubiquiti EdgeRouter X Web Management command injection

A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities.

Published Apr 28, 2023 · Updated Jul 9, 2026

High · CVSS 8.6

CVE-2023-2374: Ubiquiti EdgeRouter X Web Management command injection

A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This issue affects some unknown processing of the component Web Management Interface. Performing a manipulation of the argument ecn-down results in command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The existence of this vulnerability is still disputed at present. The vendor position is that post-authentication issues are not accepted as vulnerabilities.

Published Apr 28, 2023 · Updated Jul 9, 2026

High · CVSS 8.6

CVE-2023-2373: Ubiquiti EdgeRouter X Web Management command injection

A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This vulnerability affects unknown code of the component Web Management Interface. Such manipulation of the argument ecn-up leads to command injection. The attack may be performed from remote. The exploit is publicly available and might be used. The actual existence of this vulnerability is currently in question. The vendor position is that post-authentication issues are not accepted as vulnerabilities.

Published Apr 28, 2023 · Updated Jul 9, 2026

High · CVSS 8.4

CVE-2023-52070: JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int ind...

JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

Published Apr 10, 2024 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2023-48193: Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrar...

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.

Published Nov 28, 2023 · Updated Jul 9, 2026