CVEs from 2023
Total
6,100
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6835 | unknown | — | — | 3y ago | WSO2 API Manager allows attackers to change the API rating | |||
| CVE-2023-29234 | unknown | — | — | 3y ago | Bypass serialize checks in Apache Dubbo | |||
| CVE-2023-46279 | unknown | — | — | 3y ago | Apache Dubbo: Bypass deny serialize list check in Apache Dubbo | |||
| CVE-2023-6563 | unknown | — | — | 3y ago | Allocation of Resources Without Limits in Keycloak | |||
| CVE-2023-50102 | unknown | — | — | 3y ago | Cross-site Scripting in JFinalcms | |||
| CVE-2023-50101 | unknown | — | — | 3y ago | Cross-site Scripting in JFinalcms | |||
| CVE-2023-50100 | unknown | — | — | 3y ago | Cross-site Scripting in JFinalcms | |||
| CVE-2023-50137 | unknown | — | — | 3y ago | Cross-site Scripting in JFinalcms | |||
| CVE-2023-46750 | unknown | — | — | 3y ago | Open redirect in Apache Shiro | |||
| CVE-2023-50769 | unknown | — | — | 3y ago | Jenkins Nexus Platform Plugin missing permission check | |||
| CVE-2023-50768 | unknown | — | — | 3y ago | Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability | |||
| CVE-2023-50779 | unknown | — | — | 3y ago | Missing permission check in Jenkins PaaSLane Estimate Plugin | |||
| CVE-2023-50774 | unknown | — | — | 3y ago | Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin | |||
| CVE-2023-50770 | unknown | — | — | 3y ago | Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin | |||
| CVE-2023-50778 | unknown | — | — | 3y ago | Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin | |||
| CVE-2023-50773 | unknown | — | — | 3y ago | Displayed in plain text by Dingding JSON Pusher Plugin | |||
| CVE-2023-50776 | unknown | — | — | 3y ago | Tokens stored in plain text by PaaSLane Estimate Plugin | |||
| CVE-2023-50764 | unknown | — | — | 3y ago | Arbitrary file deletion vulnerability in Jenkins Scriptler Plugin | |||
| CVE-2023-50767 | unknown | — | — | 3y ago | Jenkins Nexus Platform Plugin missing permission check | |||
| CVE-2023-50771 | unknown | — | — | 3y ago | Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin | |||
| CVE-2023-50772 | unknown | — | — | 3y ago | Tokens stored in plain text by Dingding JSON Pusher Plugin | |||
| CVE-2023-50777 | unknown | — | — | 3y ago | Tokens stored in plain text by PaaSLane Estimate Plugin | |||
| CVE-2023-50765 | unknown | — | — | 3y ago | Missing permission check in Jenkins Scriptler Plugin | |||
| CVE-2023-50775 | unknown | — | — | 3y ago | Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin | |||
| CVE-2023-50766 | unknown | — | — | 3y ago | Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability | |||
| CVE-2023-47325 | unknown | — | — | 3y ago | Broken access control in Silverpeas | |||
| CVE-2023-47326 | unknown | — | — | 3y ago | Cross Site Request Forgery in Silverpeas | |||
| CVE-2023-47322 | unknown | — | — | 3y ago | Cross Site Request Forgery in Silverpeas | |||
| CVE-2023-47323 | unknown | — | — | 3y ago | Missing access control in Silverpeas | |||
| CVE-2023-47321 | unknown | — | — | 3y ago | Broken access control in Silverpeas | |||
| CVE-2023-47324 | unknown | — | — | 3y ago | Cross-site Scripting in silverpeas | |||
| CVE-2023-47327 | unknown | — | — | 3y ago | Broken access control in Silverpeas | |||
| CVE-2023-47320 | unknown | — | — | 3y ago | Broken access control in Silverpeas | |||
| CVE-2023-50422 | unknown | — | — | 3y ago | Improper JWT Signature Validation in SAP Security Services Library | |||
| CVE-2023-6379 | unknown | — | — | 3y ago | Alkacon OpenCMS XSS via Mercury template | |||
| CVE-2023-50449 | unknown | — | — | 3y ago | Directory Traversal in JFinalCMS | |||
| CVE-2023-6394 | unknown | — | — | 3y ago | Authorization bypass in Quarkus | |||
| CVE-2023-49487 | unknown | — | — | 3y ago | Cross-site Scripting in JFinalCMS | |||
| CVE-2023-49486 | unknown | — | — | 3y ago | Cross-site Scripting in JFinalCMS | |||
| CVE-2023-49485 | unknown | — | — | 3y ago | Cross-site Scripting in JFinalCMS | |||
| CVE-2023-50164 | unknown | — | — | 3y ago | Apache Struts vulnerable to path traversal | |||
| CVE-2023-6393 | unknown | — | — | 3y ago | Quarkus Cache Runtime exposes sensitive information to an unauthorized actor | |||
| CVE-2023-26154 | unknown | — | — | 3y ago | pubnub Insufficient Entropy vulnerability | |||
| CVE-2023-49280 | unknown | — | — | 3y ago | Data leak of password hash through change requests | |||
| CVE-2023-46674 | unknown | — | — | 3y ago | Elasticsearch-hadoop Unsafe Deserialization | |||
| CVE-2023-49383 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/tag/save | |||
| CVE-2023-49395 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/update | |||
| CVE-2023-49398 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/delete | |||
| CVE-2023-49396 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/save | |||
| CVE-2023-49446 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/nav/save | |||
| CVE-2023-49382 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/div/delete | |||
| CVE-2023-49381 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/div/update | |||
| CVE-2023-49447 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/nav/update | |||
| CVE-2023-49397 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus | |||
| CVE-2023-49448 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via admin/nav/delete | |||
| CVE-2023-49380 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete | |||
| CVE-2023-49378 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/form/save | |||
| CVE-2023-49374 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/slide/update | |||
| CVE-2023-49375 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/update | |||
| CVE-2023-49377 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/tag/update | |||
| CVE-2023-49379 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via the component /admin/friend_link/save | |||
| CVE-2023-49373 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS | |||
| CVE-2023-49372 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS | |||
| CVE-2023-49376 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS | |||
| CVE-2023-41835 | unknown | — | — | 3y ago | Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability | |||
| CVE-2023-49093 | unknown | — | — | 3y ago | HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL | |||
| CVE-2023-48910 | unknown | — | — | 3y ago | Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download | |||
| CVE-2023-48967 | unknown | — | — | 3y ago | Solon is vulnerable to Deserialization of Untrusted Data | |||
| CVE-2023-6481 | unknown | — | — | 3y ago | Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data | |||
| CVE-2023-48887 | unknown | — | — | 3y ago | Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request | |||
| CVE-2023-49371 | unknown | — | — | 3y ago | RuoYi vulnerable to SQL injection vulnerability | |||
| CVE-2023-49735 | unknown | — | — | 3y ago | Apache Tiles: Unvalidated input may lead to path traversal and XXE | |||
| CVE-2023-4218 | unknown | — | — | 3y ago | Eclipse IDE XXE in eclipse.platform | |||
| CVE-2023-49733 | unknown | — | — | 3y ago | Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability | |||
| CVE-2023-49620 | unknown | — | — | 3y ago | Apache DolphinScheduler Missing Authorization vulnerability | |||
| CVE-2023-49674 | unknown | — | — | 3y ago | Jenkins NeuVector Vulnerability Scanner Plugin missing permission check | |||
| CVE-2023-49652 | unknown | — | — | 3y ago | Jenkins Google Compute Engine Plugin has incorrect permission checks | |||
| CVE-2023-49656 | unknown | — | — | 3y ago | Jenkins MATLAB Plugin XML External Entity vulnerability | |||
| CVE-2023-49653 | unknown | — | — | 3y ago | Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials | |||
| CVE-2023-49654 | unknown | — | — | 3y ago | Jenkins MATLAB Plugin missing permission checks | |||
| CVE-2023-49673 | unknown | — | — | 3y ago | Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability | |||
| CVE-2023-49655 | unknown | — | — | 3y ago | Jenkins MATLAB Plugin cross-site request forgery vulnerability | |||
| CVE-2023-6378 | unknown | — | — | 3y ago | logback serialization vulnerability | |||
| CVE-2023-48848 | unknown | — | — | 3y ago | ureport arbitrary file read vulnerability | |||
| CVE-2023-34055 | unknown | — | — | 3y ago | Spring Boot Actuator denial of service vulnerability | |||
| CVE-2023-34054 | unknown | — | — | 3y ago | Reactor Netty HTTP Server denial of service vulnerability | |||
| CVE-2023-34053 | unknown | — | — | 3y ago | Spring Framework vulnerable to denial of service | |||
| CVE-2023-49145 | unknown | — | — | 3y ago | Improper Neutralization of Input in Advanced User Interface for Jolt | |||
| CVE-2023-49081 | unknown | — | — | 3y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create… | |||
| CVE-2023-49082 | unknown | — | — | 3y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even cre… | |||
| CVE-2023-49068 | unknown | — | — | 3y ago | Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability | |||
| CVE-2023-48796 | unknown | — | — | 3y ago | Apache DolphinScheduler sensitive information disclosure | |||
| CVE-2023-33202 | unknown | — | — | 3y ago | Bouncy Castle Denial of Service (DoS) | |||
| CVE-2023-43123 | unknown | — | — | 3y ago | Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files | |||
| CVE-2023-47467 | unknown | — | — | 3y ago | Directory Traversal in jeecg-boot | |||
| CVE-2023-46673 | unknown | — | — | 3y ago | Elasticsearch Improper Handling of Exceptional Conditions | |||
| CVE-2023-48293 | unknown | — | — | 3y ago | Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries | |||
| CVE-2023-48241 | unknown | — | — | 3y ago | Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service | |||
| CVE-2023-48240 | unknown | — | — | 3y ago | Cookies are sent to external images in rendered diff (and server side request forgery) | |||
| CVE-2023-40815 | unknown | — | — | 3y ago | Cross-site Scripting in OpenCRX |