LiveActive security incident?Get immediate response
CVE archive

May 2023

Browse CVE records published in May 2023, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 3342 matching CVEs · Page 3 of 67.

Unknown · CVSS Not scored

CVE-2023-52697: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL sof_sdw_rt_sdca_jack_exit() are used by different codecs, and some of them use the same dai name. For example, rt712 and rt713 both use "rt712-sdca-aif1" and sof_sdw_rt_sdca_jack_exit(). As a result, sof_sdw_rt_sdca_jack_exit() will be called twice by mc_dailink_exit_loop(). Set ctx->headset_codec_dev = NULL; after put_device(ctx->headset_codec_dev); to avoid ctx->headset_codec_dev being put twice.

Published May 17, 2024 · Updated May 11, 2026

Critical · CVSS 9.8

CVE-2023-46453: Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control...

Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S GL-MT2500 GL-AXT1800 GL-X3000 and GL-SFT1200.

Published May 8, 2026 · Updated May 8, 2026

High · CVSS 8.7

CVE-2023-54347: OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

Published May 5, 2026 · Updated May 6, 2026

Critical · CVSS 9.8

CVE-2023-54342: Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.

Published May 5, 2026 · Updated May 5, 2026

Critical · CVSS 9.8

CVE-2023-54344: Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections.

Published May 5, 2026 · Updated May 5, 2026

High · CVSS 8.8

CVE-2023-54348: ERPGo SaaS 3.9 CSV Injection via Vendor Creation

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exported CSV file is opened in spreadsheet applications.

Published May 5, 2026 · Updated May 5, 2026

High · CVSS 8.8

CVE-2023-54345: Frappe Framework ERPNext 13.4.0 Remote Code Execution

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the gi_frame attribute to traverse the call stack and invoke os.popen to execute system commands.

Published May 5, 2026 · Updated May 5, 2026