CVEs from 2023
| Metric | Value |
|---|---|
| Total | 6,091 |
| Critical | 240 |
| High | 1,530 |
| Medium | 1,393 |
| Low | 32 |
| % Critical | 3.9% |
| % with KEV | 2.7% |
| % with exploit | 3.5% |
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-30464 | unknown | — | — | | | | 2y ago | CoreDNS Cache Poisoning via a birthday attack |
| CVE-2023-6841 | unknown | — | — | | | | 2y ago | Keycloak Denial of Service vulnerability |
| CVE-2023-49198 | unknown | — | — | | | | 2y ago | Apache SeaTunnel SQL Injection vulnerability |
| CVE-2023-42809 | unknown | — | — | | | | 2y ago | Redisson vulnerable to Deserialization of Untrusted Data |
| CVE-2023-45146 | unknown | — | — | | | | 2y ago | XXL-RPC Deserialization of Untrusted Data vulnerability |
| CVE-2023-28857 | unknown | — | — | | | | 2y ago | Apereo CAS vulnerable to credential leaks for LDAP authentication |
| CVE-2023-48396 | unknown | — | — | | | | 2y ago | Apache SeaTunnel Web Authentication vulnerability |
| CVE-2023-49921 | unknown | — | — | | | | 2y ago | Elasticsearch Insertion of Sensitive Information into Log File |
| CVE-2023-48362 | unknown | — | — | | | | 2y ago | XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill |
| CVE-2023-7272 | unknown | — | — | | | | 2y ago | Eclipse Parsson stack overflow when parsing deeply nested input |
| CVE-2023-52291 | unknown | — | — | | | | 2y ago | Apache StreamPark: Unchecked maven build params could trigger remote command execution |
| CVE-2023-49566 | unknown | — | — | | | | 2y ago | Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability |
| CVE-2023-41916 | unknown | — | — | | | | 2y ago | Apache Linkis DataSource allows arbitrary file reading |
| CVE-2023-46801 | unknown | — | — | | | | 2y ago | Apache Linkis DataSource remote code execution vulnerability |
| CVE-2023-46442 | unknown | — | — | | | | 2y ago | Soot Infinite Loop vulnerability |
| CVE-2023-35701 | unknown | — | — | | | | 2y ago | Apache Hive Code Injection vulnerability |
| CVE-2023-46565 | unknown | — | — | | | | 2y ago | Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go. |
| CVE-2023-0657 | unknown | — | — | | | | 2y ago | Keycloak vulnerable to impersonation via logout token exchange |
| CVE-2023-6787 | unknown | — | — | | | | 2y ago | Keycloak vulnerable to session hijacking via re-authentication |
| CVE-2023-6484 | unknown | — | — | | | | 2y ago | Keycloak vulnerable to log Injection during WebAuthn authentication or registration |
| CVE-2023-6544 | unknown | — | — | | | | 2y ago | Keycloak Authorization Bypass vulnerability |
| CVE-2023-3597 | unknown | — | — | | | | 2y ago | Keycloak secondary factor bypass in step-up authentication |
| CVE-2023-6236 | unknown | — | — | | | | 2y ago | WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log |
| CVE-2023-5685 | unknown | — | — | | | | 2y ago | XNIO denial of service vulnerability |
| CVE-2023-51445 | unknown | — | — | | | | 2y ago | Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API |
| CVE-2023-51444 | unknown | — | — | | | | 2y ago | Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API |
| CVE-2023-41877 | unknown | — | — | | | | 2y ago | GeoServer log file path traversal vulnerability |
| CVE-2023-50740 | unknown | — | — | | | | 2y ago | Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged |
| CVE-2023-50378 | unknown | — | — | | | | 2y ago | Apache Ambari: Various Cross site scripting problems |
| CVE-2023-51775 | unknown | — | — | | | | 2y ago | jose4j denial of service via specifically crafted JWE |
| CVE-2023-45859 | unknown | — | — | | | | 2y ago | Missing permission checks on Hazelcast client protocol |
| CVE-2023-50380 | unknown | — | — | | | | 2y ago | Apache Ambari XML External Entity injection |
| CVE-2023-51747 | unknown | — | — | | | | 2y ago | SMTP smuggling in Apache James |
| CVE-2023-50379 | unknown | — | — | | | | 2y ago | Apache Ambari: authenticated users could perform command injection to perform RCE |
| CVE-2023-51518 | unknown | — | — | | | | 2y ago | Apache James server: Privilege escalation via JMX pre-authentication deserialization |
| CVE-2023-47795 | unknown | — | — | | | | 2y ago | Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting |
| CVE-2023-42496 | unknown | — | — | | | | 2y ago | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
| CVE-2023-40191 | unknown | — | — | | | | 2y ago | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
| CVE-2023-42498 | unknown | — | — | | | | 2y ago | Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting |
| CVE-2023-51770 | unknown | — | — | | | | 2y ago | Arbitrary File Read Vulnerability in Apache Dolphinscheduler |
| CVE-2023-49250 | unknown | — | — | | | | 2y ago | Improper Certificate Validation in Apache DolphinScheduler |
| CVE-2023-50270 | unknown | — | — | | | | 2y ago | Session Fixation Apache DolphinScheduler |
| CVE-2023-49109 | unknown | — | — | | | | 2y ago | Remote Code Execution in Apache Dolphinscheduler |
| CVE-2023-44308 | unknown | — | — | | | | 2y ago | Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page |
| CVE-2023-5190 | unknown | — | — | | | | 2y ago | Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page |
| CVE-2023-45860 | unknown | — | — | | | | 2y ago | Hazelcast Platform permission checking in CSV File Source connector |
| CVE-2023-52428 | unknown | — | — | | | | 2y ago | Denial of Service in Connect2id Nimbus JOSE+JWT |
| CVE-2023-50292 | unknown | — | — | | | | 2y ago | Apache Solr Schema Designer blindly "trusts" all configsets |
| CVE-2023-50291 | unknown | — | — | | | | 2y ago | Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies |
| CVE-2023-50298 | unknown | — | — | | | | 2y ago | Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds |
| CVE-2023-47798 | unknown | — | — | | | | 2y ago | Liferay Portal's account lockout does not invalidate existing user sessions |
| CVE-2023-39196 | unknown | — | — | | | | 2y ago | Apache Ozone Improper Authentication vulnerability |
| CVE-2023-51437 | unknown | — | — | | | | 2y ago | Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability |
| CVE-2023-34042 | unknown | — | — | | | | 2y ago | Spring Security's spring-security.xsd file is world writable |
| CVE-2023-51982 | unknown | — | — | | | | 2y ago | CrateDB authentication bypass vulnerability |
| CVE-2023-29055 | unknown | — | — | | | | 2y ago | Apache Kylin has Insufficiently Protected Credentials |
| CVE-2023-6267 | unknown | — | — | | | | 2y ago | Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability |
| CVE-2023-6927 | unknown | — | — | | | | 2y ago | keycloak-core: open redirect via "form_post.jwt" JARM response mode |
| CVE-2023-51282 | unknown | — | — | | | | 2y ago | Code injection in mingSoft MCMS |
| CVE-2023-46226 | unknown | — | — | | | | 2y ago | Remote Code Execution vulnerability in Apache IoTDB via UDF |
| CVE-2023-50290 | unknown | — | — | | | | 2y ago | Apache Solr allows read access to host environment variables |
| CVE-2023-46749 | unknown | — | — | | | | 2y ago | Apache Shiro vulnerable to path traversal |
| CVE-2023-49569 | unknown | — | — | | | | 2y ago | A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst case scenario, rem… |
| CVE-2023-6149 | unknown | — | — | | | | 2y ago | Qualys Jenkins Plugin for WAS XML External Entity vulnerability |
| CVE-2023-6147 | unknown | — | — | | | | 2y ago | Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability |
| CVE-2023-6148 | unknown | — | — | | | | 2y ago | Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability |
| CVE-2023-51441 | unknown | — | — | | | | 2y ago | Apache Axis Improper Input Validation vulnerability |
| CVE-2023-51784 | unknown | — | — | | | | 3y ago | Apache InLong Manager Remote Code Execution vulnerability |
| CVE-2023-51785 | unknown | — | — | | | | 3y ago | Apache InLong Manager Arbitrary File Read Vulnerability |
| CVE-2023-26159 | unknown | — | — | | | | 3y ago | follow-redirects vulnerabilities |
| CVE-2023-49299 | unknown | — | — | | | | 3y ago | Apache DolphinScheduler: Arbitrary js execute as root for authenticated users |
| CVE-2023-50578 | unknown | — | — | | | | 3y ago | Mingsoft MCMS SQL injection |
| CVE-2023-41544 | unknown | — | — | | | | 3y ago | JeecgBoot server-side template injection |
| CVE-2023-41542 | unknown | — | — | | | | 3y ago | Jeecg Boot SQL injection vulnerability |
| CVE-2023-41543 | unknown | — | — | | | | 3y ago | Jeecg Boot SQL Injection |
| CVE-2023-3628 | unknown | — | — | | | | 3y ago | Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions |
| CVE-2023-3629 | unknown | — | — | | | | 3y ago | Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions |
| CVE-2023-50571 | unknown | — | — | | | | 3y ago | easy-rules-mvel vulnerable to remote code execution |
| CVE-2023-50570 | unknown | — | — | | | | 3y ago | IPAddress Infinite Loop vulnerability (Disputed) |
| CVE-2023-7148 | unknown | — | — | | | | 3y ago | ShifuML shifu code injection vulnerability |
| CVE-2023-5236 | unknown | — | — | | | | 3y ago | Infinispan circular object references cause out of memory errors |
| CVE-2023-5384 | unknown | — | — | | | | 3y ago | Infinispan caches credentials in clear text |
| CVE-2023-51079 | unknown | — | — | | | | 3y ago | mvel2 TimeOut error exists in the ParseTools.subCompileExpression method |
| CVE-2023-51084 | unknown | — | — | | | | 3y ago | hyavijava stack overflow vulnerability |
| CVE-2023-51075 | unknown | — | — | | | | 3y ago | hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function |
| CVE-2023-51080 | unknown | — | — | | | | 3y ago | hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method |
| CVE-2023-51074 | unknown | — | — | | | | 3y ago | json-path Out-of-bounds Write vulnerability |
| CVE-2023-49568 | unknown | — | — | | | | 3y ago | A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted res… |
| CVE-2023-27150 | unknown | — | — | | | | 3y ago | OpenCRX Cross-site Scripting vulnerability |
| CVE-2023-6911 | unknown | — | — | | | | 3y ago | WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2023-6291 | unknown | — | — | | | | 3y ago | The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted |
| CVE-2023-51656 | unknown | — | — | | | | 3y ago | Apache IoTDB: Unsafe deserialize map in Sync Tool |
| CVE-2023-46131 | unknown | — | — | | | | 3y ago | Grails data binding causes JVM crash and/or other denial of service |
| CVE-2023-37544 | unknown | — | — | | | | 3y ago | Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability |
| CVE-2023-50732 | unknown | — | — | | | | 3y ago | Velocity execution without script right through tree macro |
| CVE-2023-50730 | unknown | — | — | | | | 3y ago | Grackle has StackOverflowError in GraphQL query processing |
| CVE-2023-6134 | unknown | — | — | | | | 3y ago | Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri |
| CVE-2023-6886 | unknown | — | — | | | | 3y ago | Xnx3 Wangmarket Cross-Site Scripting vulnerability |
| CVE-2023-50723 | unknown | — | — | | | | 3y ago | Remote code execution/programming rights with configuration section from any user account |
| CVE-2023-50722 | unknown | — | — | | | | 3y ago | XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass |