CVEs from 2023
- Total: 6,100
- Critical: 240
- High: 1,530
- Medium: 1,393
- Low: 32
- % Critical: 3.9%
- % with KEV: 2.7%
- % with exploit: 3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-31454 | unknown | — | — |  |  |  | 3y ago | Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource |
| CVE-2023-31058 | unknown | — | — |  |  |  | 3y ago | Apache InLong Deserialization of Untrusted Data Vulnerability |
| CVE-2023-31062 | unknown | — | — |  |  |  | 3y ago | Apache InLong Improper Privilege Management vulnerability |
| CVE-2023-31206 | unknown | — | — |  |  |  | 3y ago | Apache InLong Exposure of Resource to Wrong Sphere vulnerability |
| CVE-2023-28936 | unknown | — | — |  |  |  | 3y ago | Apache OpenMeetings insufficient authorization vulnerability |
| CVE-2023-41044 | unknown | — | — |  |  |  | 3y ago | Graylog server has partial path traversal vulnerability in Support Bundle feature |
| CVE-2023-41045 | unknown | — | — |  |  |  | 3y ago | Graylog vulnerable to insecure source port usage for DNS queries |
| CVE-2023-41041 | unknown | — | — |  |  |  | 3y ago | Graylog user session is still usable after logout |
| CVE-2023-30465 | unknown | — | — |  |  |  | 3y ago | Apache InLong SQL Injection vulnerability |
| CVE-2023-27987 | unknown | — | — |  |  |  | 3y ago | Apache Linkis Authentication Bypass vulnerability |
| CVE-2023-27603 | unknown | — | — |  |  |  | 3y ago | Apache Linkis Zip Slip issue |
| CVE-2023-26119 | unknown | — | — |  |  |  | 3y ago | HtmlUnit Code Injection vulnerability |
| CVE-2023-27602 | unknown | — | — |  |  |  | 3y ago | Apache Linkis Unrestricted File Upload vulnerability |
| CVE-2023-28685 | unknown | — | — |  |  |  | 3y ago | Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability |
| CVE-2023-32732 | unknown | — | — |  |  |  | 3y ago | gRPC connection termination issue |
| CVE-2023-25399 | unknown | — | — |  |  |  | 3y ago | A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not … |
| CVE-2023-34150 | unknown | — | — |  |  |  | 3y ago | Apache Any23 vulnerable to excessive memory usage |
| CVE-2023-33201 | unknown | — | — |  |  |  | 3y ago | Bouncy Castle For Java LDAP injection vulnerability |
| CVE-2023-2974 | unknown | — | — |  |  |  | 3y ago | quarkus-core vulnerable to client driven TLS cipher downgrading |
| CVE-2023-36468 | unknown | — | — |  |  |  | 3y ago | Upgrading doesn't prevent exploiting vulnerable XWiki documents |
| CVE-2023-36469 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to Code injection through NotificationRSSService |
| CVE-2023-36470 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to Code Injection in icon themes |
| CVE-2023-36471 | unknown | — | — |  |  |  | 3y ago | org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted |
| CVE-2023-36477 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages |
| CVE-2023-2422 | unknown | — | — |  |  |  | 3y ago | Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients |
| CVE-2023-1664 | unknown | — | — |  |  |  | 3y ago | Keycloak Untrusted Certificate Validation vulnerability |
| CVE-2023-2585 | unknown | — | — |  |  |  | 3y ago | Client Spoofing within the Keycloak Device Authorisation Grant |
| CVE-2023-3432 | unknown | — | — |  |  |  | 3y ago | PlantUML Server-Side Request Forgery vulnerability |
| CVE-2023-3431 | unknown | — | — |  |  |  | 3y ago | PlantUML Improper Access Control vulnerability |
| CVE-2023-31469 | unknown | — | — |  |  |  | 3y ago | Apache StreamPipes Improper Privilege Management vulnerability |
| CVE-2023-25499 | unknown | — | — |  |  |  | 3y ago | Vaadin vulnerable to possible information disclosure in non-visible components |
| CVE-2023-25500 | unknown | — | — |  |  |  | 3y ago | Vaadin vulnerable to possible information disclosure of class and method names in RPC response |
| CVE-2023-35925 | unknown | — | — |  |  |  | 3y ago | FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption |
| CVE-2023-35161 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page |
| CVE-2023-35160 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template |
| CVE-2023-35159 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template |
| CVE-2023-35158 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template |
| CVE-2023-35157 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via delattachment action |
| CVE-2023-35156 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template |
| CVE-2023-33725 | unknown | — | — |  |  |  | 3y ago | Broadleaf vulnerable to Cross-site Scripting |
| CVE-2023-34981 | unknown | — | — |  |  |  | 3y ago | A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for th… |
| CVE-2023-34340 | unknown | — | — |  |  |  | 3y ago | Apache Accumulo Improper Authentication vulnerability |
| CVE-2023-35166 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel |
| CVE-2023-35162 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template |
| CVE-2023-35155 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email |
| CVE-2023-35153 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters |
| CVE-2023-35152 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults |
| CVE-2023-35151 | unknown | — | — |  |  |  | 3y ago | XWiki Platform may show email addresses in clear in REST results |
| CVE-2023-35150 | unknown | — | — |  |  |  | 3y ago | XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application |
| CVE-2023-34467 | unknown | — | — |  |  |  | 3y ago | XWiki Platform may retrieve email addresses of all users |
| CVE-2023-34466 | unknown | — | — |  |  |  | 3y ago | XWiki Platform's tags on non-viewable pages can be revealed to users |
| CVE-2023-34465 | unknown | — | — |  |  |  | 3y ago | XWiki Platform's Mail.MailConfig can be edited by any user with edit rights |
| CVE-2023-34464 | unknown | — | — |  |  |  | 3y ago | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template |
| CVE-2023-34462 | unknown | — | — |  |  |  | 3y ago | netty-handler SniHandler 16MB allocation |
| CVE-2023-53159 | unknown | — | — |  |  |  | 3y ago | The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. |
| CVE-2023-3315 | unknown | — | — |  |  |  | 3y ago | Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation |
| CVE-2023-34602 | unknown | — | — |  |  |  | 3y ago | JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode |
| CVE-2023-34603 | unknown | — | — |  |  |  | 3y ago | JeecgBoot vulnerable to SQL injection in queryFilterTableDictInfo |
| CVE-2023-35839 | unknown | — | — |  |  |  | 3y ago | Solon vulnerable to deserialization of untrusted data |
| CVE-2023-3308 | unknown | — | — |  |  |  | 3y ago | Whaleal IceFrog is vulnerable to deserialization |
| CVE-2023-34660 | unknown | — | — |  |  |  | 3y ago | jeecg-boot unrestricted file upload vulnerability |
| CVE-2023-34659 | unknown | — | — |  |  |  | 3y ago | jeecg-boot SQL injection vulnerability |
| CVE-2023-34455 | unknown | — | — |  |  |  | 3y ago | snappy-java's unchecked chunk length leads to DoS |
| CVE-2023-34454 | unknown | — | — |  |  |  | 3y ago | snappy-java's Integer Overflow vulnerability in compress leads to DoS |
| CVE-2023-34453 | unknown | — | — |  |  |  | 3y ago | snappy-java's Integer Overflow vulnerability in shuffle leads to DoS |
| CVE-2023-3276 | unknown | — | — |  |  |  | 3y ago | HuTool XML parsing module has blind XXE vulnerability |
| CVE-2023-35030 | unknown | — | — |  |  |  | 3y ago | Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module |
| CVE-2023-3193 | unknown | — | — |  |  |  | 3y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module |
| CVE-2023-2976 | unknown | — | — |  |  |  | 3y ago | Guava vulnerable to insecure use of temporary directory |
| CVE-2023-35110 | unknown | — | — |  |  |  | 3y ago | jjson vulnerable to stack exhaustion |
| CVE-2023-34616 | unknown | — | — |  |  |  | 3y ago | pbjson vulnerable to stack exhaustion |
| CVE-2023-34624 | unknown | — | — |  |  |  | 3y ago | htmlcleaner vulnerable to stack exhaustion |
| CVE-2023-34614 | unknown | — | — |  |  |  | 3y ago | jsonij vulnerable to stack exhaustion |
| CVE-2023-34617 | unknown | — | — |  |  |  | 3y ago | genson vulnerable to stack exhaustion |
| CVE-2023-34615 | unknown | — | — |  |  |  | 3y ago | JSONUtil vulnerable to stack exhaustion |
| CVE-2023-34613 | unknown | — | — |  |  |  | 3y ago | sojo vulnerable to stack exhaustion |
| CVE-2023-34610 | unknown | — | — |  |  |  | 3y ago | json-io vulnerable to stack exhaustion |
| CVE-2023-34612 | unknown | — | — |  |  |  | 3y ago | ph-json vulnerable to stack exhaustion |
| CVE-2023-35141 | unknown | — | — |  |  |  | 3y ago | Jenkins CSRF protection bypass vulnerability |
| CVE-2023-35143 | unknown | — | — |  |  |  | 3y ago | Stored XSS vulnerability in Jenkins Maven Repository Server Plugin |
| CVE-2023-35146 | unknown | — | — |  |  |  | 3y ago | Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting |
| CVE-2023-35145 | unknown | — | — |  |  |  | 3y ago | Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting |
| CVE-2023-35144 | unknown | — | — |  |  |  | 3y ago | Stored XSS vulnerability in Jenkins Maven Repository Server Plugin |
| CVE-2023-35147 | unknown | — | — |  |  |  | 3y ago | Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin |
| CVE-2023-35149 | unknown | — | — |  |  |  | 3y ago | Jenkins Digital.ai App Management Publisher Plugin missing permission checks |
| CVE-2023-35142 | unknown | — | — |  |  |  | 3y ago | SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin |
| CVE-2023-35148 | unknown | — | — |  |  |  | 3y ago | Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery |
| CVE-2023-34149 | unknown | — | — |  |  |  | 3y ago | Apache Struts vulnerable to memory exhaustion |
| CVE-2023-34396 | unknown | — | — |  |  |  | 3y ago | Apache Struts vulnerable to memory exhaustion |
| CVE-2023-33695 | unknown | — | — |  |  |  | 3y ago | Insecure Temporary File in HuTool |
| CVE-2023-34212 | unknown | — | — |  |  |  | 3y ago | Apache NiFi vulnerable to Deserialization of Untrusted Data |
| CVE-2023-35042 | unknown | — | — |  |  |  | 3y ago | GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language |
| CVE-2023-3163 | unknown | — | — |  |  |  | 3y ago | RuoYi Uncontrolled Resource Consumption vulnerability |
| CVE-2023-33496 | unknown | — | — |  |  |  | 3y ago | xxl-rpc deserialization vulnerability |
| CVE-2023-33510 | unknown | — | — |  |  |  | 3y ago | Jeecg P3 Biz Chat allows remote attackers to read arbitrary files |
| CVE-2023-33962 | unknown | — | — |  |  |  | 3y ago | JStachio XSS vulnerability: Unescaped single quotes |
| CVE-2023-32310 | unknown | — | — |  |  |  | 3y ago | DataEase API interface has IDOR vulnerability |
| CVE-2023-33546 | unknown | — | — |  |  |  | 3y ago | janino vulnerable to denial of service due to stack overflow |
| CVE-2023-33544 | unknown | — | — |  |  |  | 3y ago | hawtio vulnerable to Path Traversal |
| CVE-2023-1521 | unknown | — | — |  |  |  | 3y ago | On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (… |