CVEs from 2023
Total
6,100
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36479 | unknown | — | — | 3y ago | Jetty vulnerable to errant command quoting in CGI Servlet | |||
| CVE-2023-1108 | unknown | — | — | 3y ago | Undertow denial of service vulnerability | |||
| CVE-2023-42503 | unknown | — | — | 3y ago | Apache Commons Compress denial of service vulnerability | |||
| CVE-2023-26141 | unknown | — | — | 3y ago | Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipu… | |||
| CVE-2023-4918 | unknown | — | — | 3y ago | Keycloak vulnerable to Plaintext Storage of User Password | |||
| CVE-2023-41887 | unknown | — | — | 3y ago | OpenRefine Remote Code execution in project import with mysql jdbc url attack | |||
| CVE-2023-41886 | unknown | — | — | 3y ago | OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack | |||
| CVE-2023-42277 | unknown | — | — | 3y ago | hutool Buffer Overflow vulnerability | |||
| CVE-2023-42278 | unknown | — | — | 3y ago | hutool Buffer Overflow vulnerability | |||
| CVE-2023-42276 | unknown | — | — | 3y ago | hutool Buffer Overflow vulnerability | |||
| CVE-2023-41578 | unknown | — | — | 3y ago | Jeecg boot arbitrary file read vulnerability | |||
| CVE-2023-42268 | unknown | — | — | 3y ago | Jeecg boot SQL Injection vulnerability | |||
| CVE-2023-41329 | unknown | — | — | 3y ago | Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes | |||
| CVE-2023-41327 | unknown | — | — | 3y ago | WireMock Controlled Server Side Request Forgery vulnerability through URL | |||
| CVE-2023-41931 | unknown | — | — | 3y ago | XSS vulnerability in Jenkins Job Configuration History Plugin | |||
| CVE-2023-41930 | unknown | — | — | 3y ago | Path traversal in Jenkins Job Configuration History Plugin | |||
| CVE-2023-41937 | unknown | — | — | 3y ago | SSRF vulnerability in Jenkins Bitbucket Push and Pull Request Plugin allows capturing credentials | |||
| CVE-2023-41939 | unknown | — | — | 3y ago | Disabled permissions can be granted by Jenkins SSH2 Easy Plugin | |||
| CVE-2023-41943 | unknown | — | — | 3y ago | Missing permission check in Jenkins AWS CodeCommit Trigger Plugin | |||
| CVE-2023-41933 | unknown | — | — | 3y ago | Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability | |||
| CVE-2023-41932 | unknown | — | — | 3y ago | Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin | |||
| CVE-2023-41942 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin | |||
| CVE-2023-41947 | unknown | — | — | 3y ago | Missing permission checks in Jenkins Frugal Testing Plugin | |||
| CVE-2023-41940 | unknown | — | — | 3y ago | Stored XSS vulnerability in Jenkins TAP Plugin | |||
| CVE-2023-41941 | unknown | — | — | 3y ago | Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs | |||
| CVE-2023-41934 | unknown | — | — | 3y ago | Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin | |||
| CVE-2023-41935 | unknown | — | — | 3y ago | Non-constant time nonce comparison in Jenkins Microsoft Entra ID (previously Azure AD) Plugin | |||
| CVE-2023-41945 | unknown | — | — | 3y ago | Disabled permissions granted by Jenkins Assembla Auth Plugin | |||
| CVE-2023-41946 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins Frugal Testing Plugin | |||
| CVE-2023-41936 | unknown | — | — | 3y ago | Jenkins Google Login Plugin non-constant time token comparison | |||
| CVE-2023-41938 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins Ivy Plugin | |||
| CVE-2023-41944 | unknown | — | — | 3y ago | HTML injection vulnerability in Jenkins AWS CodeCommit Trigger Plugin | |||
| CVE-2023-40743 | unknown | — | — | 3y ago | Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService | |||
| CVE-2023-41046 | unknown | — | — | 3y ago | Velocity execution without script right through VelocityCode and VelocityWiki property | |||
| CVE-2023-40771 | unknown | — | — | 3y ago | DataEase vulnerable to SQL injection | |||
| CVE-2023-39685 | unknown | — | — | 3y ago | hson-java vulnerable to denial of service | |||
| CVE-2023-41034 | unknown | — | — | 3y ago | DDFFileParser is vulnerable to XXE Attacks | |||
| CVE-2023-40787 | unknown | — | — | 3y ago | SpringBlade vulnerable to SQL injection | |||
| CVE-2023-40828 | unknown | — | — | 3y ago | pf4j vulnerable to remote code execution via expandIfZip method in the extract function | |||
| CVE-2023-40826 | unknown | — | — | 3y ago | pf4j vulnerable to remote code execution via the zippluginPath parameter | |||
| CVE-2023-40827 | unknown | — | — | 3y ago | pf4j vulnerable to remote code execution via loadpluginPath parameter | |||
| CVE-2023-24620 | unknown | — | — | 3y ago | Esoteric YamlBeans XML Entity Expansion vulnerability | |||
| CVE-2023-24621 | unknown | — | — | 3y ago | Esoteric YamlBeans Unsafe Deserialization vulnerability | |||
| CVE-2023-40030 | unknown | — | — | 3y ago | Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated… | |||
| CVE-2023-34040 | unknown | — | — | 3y ago | Spring-Kafka has Java Deserialization vulnerability When Improperly Configured | |||
| CVE-2023-40577 | unknown | — | — | 3y ago | Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute… | |||
| CVE-2023-40573 | unknown | — | — | 3y ago | XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution | |||
| CVE-2023-40572 | unknown | — | — | 3y ago | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | |||
| CVE-2023-4301 | unknown | — | — | 3y ago | Jenkins Fortify Plugin cross-site request forgery vulnerability | |||
| CVE-2023-4302 | unknown | — | — | 3y ago | Jenkins Fortify Plugin missing permission check | |||
| CVE-2023-40177 | unknown | — | — | 3y ago | XWiki Platform privilege escalation (PR) from account through AWM content fields | |||
| CVE-2023-40176 | unknown | — | — | 3y ago | XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer | |||
| CVE-2023-39106 | unknown | — | — | 3y ago | Nacos Spring vulnerable to Unsafe Deserialization | |||
| CVE-2023-37914 | unknown | — | — | 3y ago | XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message | |||
| CVE-2023-36106 | unknown | — | — | 3y ago | PowerJob incorrect access control vulnerability | |||
| CVE-2023-38905 | unknown | — | — | 3y ago | Jeecg-boot SQL Injection vulnerability | |||
| CVE-2023-40313 | unknown | — | — | 3y ago | OpenNMS vulnerable to remote code execution | |||
| CVE-2023-40351 | unknown | — | — | 3y ago | Jenkins Favorite View Plugin cross-site request forgery vulnerability | |||
| CVE-2023-40350 | unknown | — | — | 3y ago | Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability | |||
| CVE-2023-40347 | unknown | — | — | 3y ago | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials | |||
| CVE-2023-40343 | unknown | — | — | 3y ago | Jenkins Tuleap Authentication Plugin non-constant time token comparison | |||
| CVE-2023-40348 | unknown | — | — | 3y ago | Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure | |||
| CVE-2023-40340 | unknown | — | — | 3y ago | Jenkins NodeJS Plugin improper credential masking vulnerability | |||
| CVE-2023-40341 | unknown | — | — | 3y ago | Jenkins Blue Ocean Plugin cross-site request forgery vulnerability | |||
| CVE-2023-40339 | unknown | — | — | 3y ago | Jenkins Config File Provider Plugin improper credential masking vulnerability | |||
| CVE-2023-40349 | unknown | — | — | 3y ago | Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure | |||
| CVE-2023-40345 | unknown | — | — | 3y ago | Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials | |||
| CVE-2023-40342 | unknown | — | — | 3y ago | Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability | |||
| CVE-2023-40344 | unknown | — | — | 3y ago | Jenkins Delphix Plugin missing permission check | |||
| CVE-2023-40346 | unknown | — | — | 3y ago | Jenkins Shortcut Job Plugin stored cross-site scripting vulnerability | |||
| CVE-2023-40336 | unknown | — | — | 3y ago | Jenkins Folders Plugin cross-site request forgery vulnerability | |||
| CVE-2023-40338 | unknown | — | — | 3y ago | Jenkins Folders Plugin information disclosure vulnerability | |||
| CVE-2023-38889 | unknown | — | — | 3y ago | Alluxio vulnerable to arbitrary code execution | |||
| CVE-2023-40312 | unknown | — | — | 3y ago | OpenNMS vulnerable to Cross-site Scripting | |||
| CVE-2023-40311 | unknown | — | — | 3y ago | OpenNMS vulnerable to Cross-site Scripting | |||
| CVE-2023-0871 | unknown | — | — | 3y ago | OpenNMS Horizon XXE Injection Vulnerability | |||
| CVE-2023-3894 | unknown | — | — | 3y ago | Denial of service in jackson-dataformat-toml | |||
| CVE-2023-36480 | unknown | — | — | 3y ago | Aerospike Java Client vulnerable to unsafe deserialization of server responses | |||
| CVE-2023-4136 | unknown | — | — | 3y ago | Cross-site Scripting (XSS) in CrafterCMS | |||
| CVE-2023-3426 | unknown | — | — | 3y ago | Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions | |||
| CVE-2023-36542 | unknown | — | — | 3y ago | Apache NiFi Code Injection vulnerability | |||
| CVE-2023-39020 | unknown | — | — | 3y ago | Code injection in stanford-parser | |||
| CVE-2023-39021 | unknown | — | — | 3y ago | Code injection in wix-embedded-mysql | |||
| CVE-2023-37754 | unknown | — | — | 3y ago | Code injection in PowerJob | |||
| CVE-2023-39013 | unknown | — | — | 3y ago | Code injection in Duke | |||
| CVE-2023-39015 | unknown | — | — | 3y ago | Code injection in webmagic-core | |||
| CVE-2023-39022 | unknown | — | — | 3y ago | Code injection in oscore | |||
| CVE-2023-38992 | unknown | — | — | 3y ago | SQL injection in jeecg-boot | |||
| CVE-2023-39010 | unknown | — | — | 3y ago | Code injection in BoofCV | |||
| CVE-2023-3990 | unknown | — | — | 3y ago | Cross-site Scripting in Mingsoft MCMS | |||
| CVE-2023-38509 | unknown | — | — | 3y ago | Obfuscated email addresses should not be sorted | |||
| CVE-2023-3442 | unknown | — | — | 3y ago | Missing authorization in Jenkins Plug-in for ServiceNow | |||
| CVE-2023-3414 | unknown | — | — | 3y ago | Credential leakage in Jenkins Plug-in for ServiceNow | |||
| CVE-2023-39154 | unknown | — | — | 3y ago | Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials | |||
| CVE-2023-39152 | unknown | — | — | 3y ago | Incorrect control flow in Jenkins Gradle Plugin breaks credentials masking in the build log | |||
| CVE-2023-39155 | unknown | — | — | 3y ago | Secret displayed without masking by Chef Identity Plugin | |||
| CVE-2023-39153 | unknown | — | — | 3y ago | CSRF vulnerability in GitLab Authentication Plugin | |||
| CVE-2023-39156 | unknown | — | — | 3y ago | CSRF vulnerability in Bazaar Plugin | |||
| CVE-2023-39151 | unknown | — | — | 3y ago | Jenkins Stored Cross-site Scripting vulnerability | |||
| CVE-2023-38647 | unknown | — | — | 3y ago | Deserialization vulnerability in Helix workflow and REST |