CVEs from 2023
Total: 6,100
- critical: 240
- high: 1,530
- medium: 1,393
- low: 32
% Critical: 3.9%
% with KEV: 2.7%
% with exploit: 3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-43668 | unknown | — | — | 3y ago | Authorization Bypass in Apache InLong | |||
| CVE-2023-43666 | unknown | — | — | 3y ago | Insufficient Verification of Data Authenticity in Apache InLong | |||
| CVE-2023-43667 | unknown | — | — | 3y ago | SQL Injection in Apache InLong | |||
| CVE-2023-44981 | unknown | — | — | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper | |||
| CVE-2023-36478 | unknown | — | — | 3y ago | HTTP/2 HPACK integer overflow and buffer allocation | |||
| CVE-2023-36566 | unknown | — | — | 3y ago | Microsoft Common Data Model SDK Denial of Service Vulnerability | |||
| CVE-2023-25822 | unknown | — | — | 3y ago | Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal | |||
| CVE-2023-43643 | unknown | — | — | 3y ago | mXSS in AntiSamy | |||
| CVE-2023-45303 | unknown | — | — | 3y ago | ThingsBoard Server-Side Template Injection | |||
| CVE-2023-36820 | unknown | — | — | 3y ago | io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud | |||
| CVE-2023-1584 | unknown | — | — | 3y ago | Quarkus OIDC can leak both ID and access tokens | |||
| CVE-2023-4586 | unknown | — | — | 3y ago | Withdrawn Advisory: Netty-handler does not validate host names by default | |||
| CVE-2023-44270 | unknown | — | — | 3y ago | An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains part… | |||
| CVE-2023-43655 | unknown | — | — | 3y ago | Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code exec… | |||
| CVE-2023-39410 | unknown | — | — | 3y ago | Apache Avro Java SDK vulnerable to Improper Input Validation | |||
| CVE-2023-3223 | unknown | — | — | 3y ago | Undertow vulnerable to denial of service | |||
| CVE-2023-43642 | unknown | — | — | 3y ago | snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact | |||
| CVE-2023-40989 | unknown | — | — | 3y ago | SQL injection in jeecgboot | |||
| CVE-2023-42810 | unknown | — | — | 3y ago | systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.… | |||
| CVE-2023-43502 | unknown | — | — | 3y ago | Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability | |||
| CVE-2023-43498 | unknown | — | — | 3y ago | Jenkins temporary uploaded file created with insecure permissions | |||
| CVE-2023-43494 | unknown | — | — | 3y ago | Jenkins does not exclude sensitive build variables from search | |||
| CVE-2023-43496 | unknown | — | — | 3y ago | Jenkins temporary plugin file created with insecure permissions | |||
| CVE-2023-43495 | unknown | — | — | 3y ago | Jenkins Cross-site Scripting vulnerability | |||
| CVE-2023-43500 | unknown | — | — | 3y ago | Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability | |||
| CVE-2023-43497 | unknown | — | — | 3y ago | Jenkins temporary uploaded file created with insecure permissions | |||
| CVE-2023-43501 | unknown | — | — | 3y ago | Jenkins Build Failure Analyzer Plugin missing permission check | |||
| CVE-2023-4853 | unknown | — | — | 3y ago | Quarkus HTTP vulnerable to incorrect evaluation of permissions | |||
| CVE-2023-34047 | unknown | — | — | 3y ago | Spring for GraphQL may be exposed to GraphQL context with values from a different session | |||
| CVE-2023-4759 | unknown | — | — | 3y ago | Arbitrary File Overwrite in Eclipse JGit | |||
| CVE-2023-41900 | unknown | — | — | 3y ago | Jetty's OpenId Revoked authentication allows one request | |||
| CVE-2023-40167 | unknown | — | — | 3y ago | Jetty accepts "+" prefixed value in Content-Length | |||
| CVE-2023-36479 | unknown | — | — | 3y ago | Jetty vulnerable to errant command quoting in CGI Servlet | |||
| CVE-2023-1108 | unknown | — | — | 3y ago | Undertow denial of service vulnerability | |||
| CVE-2023-42503 | unknown | — | — | 3y ago | Apache Commons Compress denial of service vulnerability | |||
| CVE-2023-26141 | unknown | — | — | 3y ago | Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipu… | |||
| CVE-2023-4918 | unknown | — | — | 3y ago | Keycloak vulnerable to Plaintext Storage of User Password | |||
| CVE-2023-41887 | unknown | — | — | 3y ago | OpenRefine Remote Code execution in project import with mysql jdbc url attack | |||
| CVE-2023-41886 | unknown | — | — | 3y ago | OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack | |||
| CVE-2023-42276 | unknown | — | — | 3y ago | hutool Buffer Overflow vulnerability | |||
| CVE-2023-42277 | unknown | — | — | 3y ago | hutool Buffer Overflow vulnerability | |||
| CVE-2023-42278 | unknown | — | — | 3y ago | hutool Buffer Overflow vulnerability | |||
| CVE-2023-42268 | unknown | — | — | 3y ago | Jeecg boot SQL Injection vulnerability | |||
| CVE-2023-41578 | unknown | — | — | 3y ago | Jeecg boot arbitrary file read vulnerability | |||
| CVE-2023-41329 | unknown | — | — | 3y ago | Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes | |||
| CVE-2023-41327 | unknown | — | — | 3y ago | WireMock Controlled Server Side Request Forgery vulnerability through URL | |||
| CVE-2023-41940 | unknown | — | — | 3y ago | Stored XSS vulnerability in Jenkins TAP Plugin | |||
| CVE-2023-41944 | unknown | — | — | 3y ago | HTML injection vulnerability in Jenkins AWS CodeCommit Trigger Plugin | |||
| CVE-2023-41933 | unknown | — | — | 3y ago | Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability | |||
| CVE-2023-41942 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin | |||
| CVE-2023-41937 | unknown | — | — | 3y ago | SSRF vulnerability in Jenkins Bitbucket Push and Pull Request Plugin allows capturing credentials | |||
| CVE-2023-41936 | unknown | — | — | 3y ago | Jenkins Google Login Plugin non-constant time token comparison | |||
| CVE-2023-41945 | unknown | — | — | 3y ago | Disabled permissions granted by Jenkins Assembla Auth Plugin | |||
| CVE-2023-41943 | unknown | — | — | 3y ago | Missing permission check in Jenkins AWS CodeCommit Trigger Plugin | |||
| CVE-2023-41932 | unknown | — | — | 3y ago | Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin | |||
| CVE-2023-41931 | unknown | — | — | 3y ago | XSS vulnerability in Jenkins Job Configuration History Plugin | |||
| CVE-2023-41947 | unknown | — | — | 3y ago | Missing permission checks in Jenkins Frugal Testing Plugin | |||
| CVE-2023-41935 | unknown | — | — | 3y ago | Non-constant time nonce comparison in Jenkins Microsoft Entra ID (previously Azure AD) Plugin | |||
| CVE-2023-41939 | unknown | — | — | 3y ago | Disabled permissions can be granted by Jenkins SSH2 Easy Plugin | |||
| CVE-2023-41941 | unknown | — | — | 3y ago | Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs | |||
| CVE-2023-41930 | unknown | — | — | 3y ago | Path traversal in Jenkins Job Configuration History Plugin | |||
| CVE-2023-41934 | unknown | — | — | 3y ago | Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin | |||
| CVE-2023-41938 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins Ivy Plugin | |||
| CVE-2023-41946 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins Frugal Testing Plugin | |||
| CVE-2023-40743 | unknown | — | — | 3y ago | Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService | |||
| CVE-2023-41046 | unknown | — | — | 3y ago | Velocity execution without script right through VelocityCode and VelocityWiki property | |||
| CVE-2023-40771 | unknown | — | — | 3y ago | DataEase vulnerable to SQL injection | |||
| CVE-2023-39685 | unknown | — | — | 3y ago | hson-java vulnerable to denial of service | |||
| CVE-2023-41034 | unknown | — | — | 3y ago | DDFFileParser is vulnerable to XXE Attacks | |||
| CVE-2023-40787 | unknown | — | — | 3y ago | SpringBlade vulnerable to SQL injection | |||
| CVE-2023-40826 | unknown | — | — | 3y ago | pf4j vulnerable to remote code execution via the zippluginPath parameter | |||
| CVE-2023-40828 | unknown | — | — | 3y ago | pf4j vulnerable to remote code execution via expandIfZip method in the extract function | |||
| CVE-2023-40827 | unknown | — | — | 3y ago | pf4j vulnerable to remote code execution via loadpluginPath parameter | |||
| CVE-2023-24620 | unknown | — | — | 3y ago | Esoteric YamlBeans XML Entity Expansion vulnerability | |||
| CVE-2023-24621 | unknown | — | — | 3y ago | Esoteric YamlBeans Unsafe Deserialization vulnerability | |||
| CVE-2023-40030 | unknown | — | — | 3y ago | Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated… | |||
| CVE-2023-34040 | unknown | — | — | 3y ago | Spring-Kafka has Java Deserialization vulnerability When Improperly Configured | |||
| CVE-2023-40577 | unknown | — | — | 3y ago | Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute… | |||
| CVE-2023-40573 | unknown | — | — | 3y ago | XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution | |||
| CVE-2023-40572 | unknown | — | — | 3y ago | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | |||
| CVE-2023-4301 | unknown | — | — | 3y ago | Jenkins Fortify Plugin cross-site request forgery vulnerability | |||
| CVE-2023-4302 | unknown | — | — | 3y ago | Jenkins Fortify Plugin missing permission check | |||
| CVE-2023-40177 | unknown | — | — | 3y ago | XWiki Platform privilege escalation (PR) from account through AWM content fields | |||
| CVE-2023-40176 | unknown | — | — | 3y ago | XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer | |||
| CVE-2023-39106 | unknown | — | — | 3y ago | Nacos Spring vulnerable to Unsafe Deserialization | |||
| CVE-2023-37914 | unknown | — | — | 3y ago | XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message | |||
| CVE-2023-40313 | unknown | — | — | 3y ago | OpenNMS vulnerable to remote code execution | |||
| CVE-2023-36106 | unknown | — | — | 3y ago | PowerJob incorrect access control vulnerability | |||
| CVE-2023-38905 | unknown | — | — | 3y ago | Jeecg-boot SQL Injection vulnerability | |||
| CVE-2023-40350 | unknown | — | — | 3y ago | Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability | |||
| CVE-2023-40342 | unknown | — | — | 3y ago | Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability | |||
| CVE-2023-40340 | unknown | — | — | 3y ago | Jenkins NodeJS Plugin improper credential masking vulnerability | |||
| CVE-2023-40347 | unknown | — | — | 3y ago | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials | |||
| CVE-2023-40339 | unknown | — | — | 3y ago | Jenkins Config File Provider Plugin improper credential masking vulnerability | |||
| CVE-2023-40345 | unknown | — | — | 3y ago | Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials | |||
| CVE-2023-40349 | unknown | — | — | 3y ago | Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure | |||
| CVE-2023-40344 | unknown | — | — | 3y ago | Jenkins Delphix Plugin missing permission check | |||
| CVE-2023-40348 | unknown | — | — | 3y ago | Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure | |||
| CVE-2023-40341 | unknown | — | — | 3y ago | Jenkins Blue Ocean Plugin cross-site request forgery vulnerability | |||
| CVE-2023-40351 | unknown | — | — | 3y ago | Jenkins Favorite View Plugin cross-site request forgery vulnerability |