LiveActive security incident?Get immediate response
CVE archive

August 2023

Browse CVE records published in August 2023, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 2311 matching CVEs · Page 2 of 47.

Medium · CVSS 5.9

CVE-2023-32253: Kernel: deadlock in ksmbd_find_crypto_ctx()

A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service.

Published Aug 2, 2025 · Updated Jun 29, 2026

Medium · CVSS 5.3

CVE-2023-4008: Incorrect Ownership Assignment in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.

Published Aug 3, 2023 · Updated Jun 2, 2026

Medium · CVSS 5.3

CVE-2023-4002: Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies.

Published Aug 4, 2023 · Updated Jun 2, 2026

High · CVSS 7.8

CVE-2023-38231: ZDI-CAN-21334: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published Aug 10, 2023 · Updated May 28, 2026

Critical · CVSS 9.8

CVE-2023-3386: SQLi in a2 Camera Trap Tracking System

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection. This issue affects Camera Trap Tracking System: before 3.1905.

Published Aug 8, 2023 · Updated May 22, 2026

Critical · CVSS 9.8

CVE-2023-3522: SQLi in a2 License Portal System

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before 1.48.

Published Aug 8, 2023 · Updated May 22, 2026

Critical · CVSS 9.8

CVE-2023-3716: SQLi in Oduyo Online Collection Software

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Software: before 1.0.1.

Published Aug 8, 2023 · Updated May 21, 2026

Critical · CVSS 9.8

CVE-2023-3717: SQLi in Farmakoms Remote Administration Console

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02.

Published Aug 8, 2023 · Updated May 21, 2026

Critical · CVSS 9.8

CVE-2023-3898: SQLi in mAyaNets E-Commerce Software

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1.

Published Aug 8, 2023 · Updated May 21, 2026

Critical · CVSS 10

CVE-2023-7309: Dahua Smart Park Integrated Management Platform Front-End Arbitrary File Upload

A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary files to the server via crafted SOAP requests, including executable JSP payloads. Successful exploitation may lead to remote code execution (RCE) and full compromise of the affected system. The vulnerability is presumed to affect builds released prior to September 2023 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-02-15 UTC.

Published Aug 27, 2025 · Updated May 15, 2026