CVEs from 2023
- Total: 6,100
- Critical: 240
- High: 1,530
- Medium: 1,393
- Low: 32
- % Critical: 3.9%
- % with KEV: 2.7%
- % with exploit: 3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-47320 | unknown | — | — | 3y ago | Broken access control in Silverpeas |
| CVE-2023-50422 | unknown | — | — | 3y ago | Improper JWT Signature Validation in SAP Security Services Library |
| CVE-2023-6379 | unknown | — | — | 3y ago | Alkacon OpenCMS XSS via Mercury template |
| CVE-2023-50449 | unknown | — | — | 3y ago | Directory Traversal in JFinalCMS |
| CVE-2023-6394 | unknown | — | — | 3y ago | Authorization bypass in Quarkus |
| CVE-2023-49487 | unknown | — | — | 3y ago | Cross-site Scripting in JFinalCMS |
| CVE-2023-49486 | unknown | — | — | 3y ago | Cross-site Scripting in JFinalCMS |
| CVE-2023-49485 | unknown | — | — | 3y ago | Cross-site Scripting in JFinalCMS |
| CVE-2023-50164 | unknown | — | — | 3y ago | Apache Struts vulnerable to path traversal |
| CVE-2023-6393 | unknown | — | — | 3y ago | Quarkus Cache Runtime exposes sensitive information to an unauthorized actor |
| CVE-2023-26154 | unknown | — | — | 3y ago | pubnub Insufficient Entropy vulnerability |
| CVE-2023-49280 | unknown | — | — | 3y ago | Data leak of password hash through change requests |
| CVE-2023-46674 | unknown | — | — | 3y ago | Elasticsearch-hadoop Unsafe Deserialization |
| CVE-2023-49447 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/nav/update |
| CVE-2023-49397 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus |
| CVE-2023-49446 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/nav/save |
| CVE-2023-49382 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/div/delete |
| CVE-2023-49448 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via admin/nav/delete |
| CVE-2023-49383 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/tag/save |
| CVE-2023-49395 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/update |
| CVE-2023-49398 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/delete |
| CVE-2023-49381 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/div/update |
| CVE-2023-49396 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/save |
| CVE-2023-49376 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS |
| CVE-2023-49379 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via the component /admin/friend_link/save |
| CVE-2023-49380 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete |
| CVE-2023-49373 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS |
| CVE-2023-49378 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/form/save |
| CVE-2023-49377 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/tag/update |
| CVE-2023-49374 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/slide/update |
| CVE-2023-49372 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS |
| CVE-2023-49375 | unknown | — | — | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/update |
| CVE-2023-41835 | unknown | — | — | 3y ago | Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability |
| CVE-2023-49093 | unknown | — | — | 3y ago | HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL |
| CVE-2023-48910 | unknown | — | — | 3y ago | Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download |
| CVE-2023-48967 | unknown | — | — | 3y ago | Solon is vulnerable to Deserialization of Untrusted Data |
| CVE-2023-6481 | unknown | — | — | 3y ago | Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data |
| CVE-2023-48887 | unknown | — | — | 3y ago | Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request |
| CVE-2023-49371 | unknown | — | — | 3y ago | RuoYi vulnerable to SQL injection vulnerability |
| CVE-2023-49735 | unknown | — | — | 3y ago | Apache Tiles: Unvalidated input may lead to path traversal and XXE |
| CVE-2023-4218 | unknown | — | — | 3y ago | Eclipse IDE XXE in eclipse.platform |
| CVE-2023-49733 | unknown | — | — | 3y ago | Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability |
| CVE-2023-49620 | unknown | — | — | 3y ago | Apache DolphinScheduler Missing Authorization vulnerability |
| CVE-2023-49653 | unknown | — | — | 3y ago | Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials |
| CVE-2023-49656 | unknown | — | — | 3y ago | Jenkins MATLAB Plugin XML External Entity vulnerability |
| CVE-2023-49673 | unknown | — | — | 3y ago | Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability |
| CVE-2023-49654 | unknown | — | — | 3y ago | Jenkins MATLAB Plugin missing permission checks |
| CVE-2023-49674 | unknown | — | — | 3y ago | Jenkins NeuVector Vulnerability Scanner Plugin missing permission check |
| CVE-2023-49652 | unknown | — | — | 3y ago | Jenkins Google Compute Engine Plugin has incorrect permission checks |
| CVE-2023-49655 | unknown | — | — | 3y ago | Jenkins MATLAB Plugin cross-site request forgery vulnerability |
| CVE-2023-6378 | unknown | — | — | 3y ago | logback serialization vulnerability |
| CVE-2023-48848 | unknown | — | — | 3y ago | ureport arbitrary file read vulnerability |
| CVE-2023-34054 | unknown | — | — | 3y ago | Reactor Netty HTTP Server denial of service vulnerability |
| CVE-2023-34053 | unknown | — | — | 3y ago | Spring Framework vulnerable to denial of service |
| CVE-2023-34055 | unknown | — | — | 3y ago | Spring Boot Actuator denial of service vulnerability |
| CVE-2023-49145 | unknown | — | — | 3y ago | Improper Neutralization of Input in Advanced User Interface for Jolt |
| CVE-2023-49081 | unknown | — | — | 3y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create… |
| CVE-2023-49082 | unknown | — | — | 3y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even cre… |
| CVE-2023-49068 | unknown | — | — | 3y ago | Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability |
| CVE-2023-48796 | unknown | — | — | 3y ago | Apache DolphinScheduler sensitive information disclosure |
| CVE-2023-33202 | unknown | — | — | 3y ago | Bouncy Castle Denial of Service (DoS) |
| CVE-2023-43123 | unknown | — | — | 3y ago | Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due to temporary files |
| CVE-2023-47467 | unknown | — | — | 3y ago | Directory Traversal in jeecg-boot |
| CVE-2023-46673 | unknown | — | — | 3y ago | Elasticsearch Improper Handling of Exceptional Conditions |
| CVE-2023-48293 | unknown | — | — | 3y ago | Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries |
| CVE-2023-48241 | unknown | — | — | 3y ago | Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service |
| CVE-2023-48240 | unknown | — | — | 3y ago | Cookies are sent to external images in rendered diff (and server side request forgery) |
| CVE-2023-40817 | unknown | — | — | 3y ago | Cross-site Scripting in OpenCRX |
| CVE-2023-40816 | unknown | — | — | 3y ago | Cross-site Scripting in OpenCRX |
| CVE-2023-40814 | unknown | — | — | 3y ago | Cross-site Scripting in OpenCRX |
| CVE-2023-40813 | unknown | — | — | 3y ago | Cross-site Scripting in OpenCRX |
| CVE-2023-40815 | unknown | — | — | 3y ago | Cross-site Scripting in OpenCRX |
| CVE-2023-40810 | unknown | — | — | 3y ago | Cross-site Scripting in OpenCRX |
| CVE-2023-40809 | unknown | — | — | 3y ago | Cross-site Scripting in OpenCRX |
| CVE-2023-40812 | unknown | — | — | 3y ago | Cross-site Scripting in OpenCRX |
| CVE-2023-47797 | unknown | — | — | 3y ago | Liferay Portal XSS with `p_l_back_url_title` on edit content page |
| CVE-2023-40314 | unknown | — | — | 3y ago | OpenNMS Cross-site Scripting vulnerability |
| CVE-2023-48222 | unknown | — | — | 3y ago | Authenticated Rundeck users can view or delete jobs they do not have authorization for. |
| CVE-2023-47112 | unknown | — | — | 3y ago | Authenticated users can view job names and groups they do not have authorization to view |
| CVE-2023-6038 | unknown | — | — | 3y ago | H2O local file inclusion vulnerability |
| CVE-2023-26031 | unknown | — | — | 3y ago | Apache Hadoop allows local user to gain root privileges |
| CVE-2023-5720 | unknown | — | — | 3y ago | Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain |
| CVE-2023-48088 | unknown | — | — | 3y ago | xxl-job-admin vulnerable to Cross Site Scripting |
| CVE-2023-48089 | unknown | — | — | 3y ago | xxl-job-admin vulnerable to Remote Code Execution |
| CVE-2023-5245 | unknown | — | — | 3y ago | Zip slip in mleap |
| CVE-2023-48087 | unknown | — | — | 3y ago | xxl-job-admin vulnerable to Insecure Permissions |
| CVE-2023-34062 | unknown | — | — | 3y ago | In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack |
| CVE-2023-5072 | unknown | — | — | 3y ago | Java: DoS Vulnerability in JSON-JAVA |
| CVE-2023-47627 | unknown | — | — | 3y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parse… |
| CVE-2023-47641 | unknown | — | — | 3y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protoc… |
| CVE-2023-47122 | unknown | — | — | 3y ago | Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the loc… |
| CVE-2023-46735 | unknown | — | — | 3y ago | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` return… |
| CVE-2023-46734 | unknown | — | — | 3y ago | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Tw… |
| CVE-2023-46733 | unknown | — | — | 3y ago | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListene… |
| CVE-2023-46446 | unknown | — | — | 3y ago | An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." |
| CVE-2023-46445 | unknown | — | — | 3y ago | An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." |
| CVE-2023-46737 | unknown | — | — | 3y ago | Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high num… |
| CVE-2023-46732 | unknown | — | — | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu |
| CVE-2023-46731 | unknown | — | — | 3y ago | XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest |
| CVE-2023-39913 | unknown | — | — | 3y ago | Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability |