CVEs from 2023

- Total: 6,091
- critical: 240
- high: 1,530
- medium: 1,393
- low: 32
- % Critical: 3.9%
- % with KEV: 2.7%
- % with exploit: 3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-2422 | unknown | — | — | | | | 3y ago | Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients |
| CVE-2023-1664 | unknown | — | — | | | | 3y ago | Keycloak Untrusted Certificate Validation vulnerability |
| CVE-2023-2585 | unknown | — | — | | | | 3y ago | Client Spoofing within the Keycloak Device Authorisation Grant |
| CVE-2023-3432 | unknown | — | — | | | | 3y ago | PlantUML Server-Side Request Forgery vulnerability |
| CVE-2023-3431 | unknown | — | — | | | | 3y ago | PlantUML Improper Access Control vulnerability |
| CVE-2023-31469 | unknown | — | — | | | | 3y ago | Apache StreamPipes Improper Privilege Management vulnerability |
| CVE-2023-25499 | unknown | — | — | | | | 3y ago | Vaadin vulnerable to possible information disclosure in non-visible components |
| CVE-2023-25500 | unknown | — | — | | | | 3y ago | Vaadin vulnerable to possible information disclosure of class and method names in RPC response |
| CVE-2023-35925 | unknown | — | — | | | | 3y ago | FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption |
| CVE-2023-35161 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page |
| CVE-2023-35160 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template |
| CVE-2023-35159 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template |
| CVE-2023-35158 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template |
| CVE-2023-35157 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via delattachment action |
| CVE-2023-35156 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template |
| CVE-2023-33725 | unknown | — | — | | | | 3y ago | Broadleaf vulnerable to Cross-site Scripting |
| CVE-2023-34981 | unknown | — | — | | | | 3y ago | A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for th… |
| CVE-2023-34340 | unknown | — | — | | | | 3y ago | Apache Accumulo Improper Authentication vulnerability |
| CVE-2023-35166 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel |
| CVE-2023-35162 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template |
| CVE-2023-35155 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email |
| CVE-2023-35153 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters |
| CVE-2023-35152 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults |
| CVE-2023-35151 | unknown | — | — | | | | 3y ago | XWiki Platform may show email addresses in clear in REST results |
| CVE-2023-35150 | unknown | — | — | | | | 3y ago | XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application |
| CVE-2023-34467 | unknown | — | — | | | | 3y ago | XWiki Platform may retrieve email addresses of all users |
| CVE-2023-34466 | unknown | — | — | | | | 3y ago | XWiki Platform's tags on non-viewable pages can be revealed to users |
| CVE-2023-34465 | unknown | — | — | | | | 3y ago | XWiki Platform's Mail.MailConfig can be edited by any user with edit rights |
| CVE-2023-34464 | unknown | — | — | | | | 3y ago | XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template |
| CVE-2023-34462 | unknown | — | — | | | | 3y ago | netty-handler SniHandler 16MB allocation |
| CVE-2023-53159 | unknown | — | — | | | | 3y ago | The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. |
| CVE-2023-3315 | unknown | — | — | | | | 3y ago | Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation |
| CVE-2023-34602 | unknown | — | — | | | | 3y ago | JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode |
| CVE-2023-34603 | unknown | — | — | | | | 3y ago | JeecgBoot vulnerable to SQL injection in queryFilterTableDictInfo |
| CVE-2023-35839 | unknown | — | — | | | | 3y ago | Solon vulnerable to deserialization of untrusted data |
| CVE-2023-3308 | unknown | — | — | | | | 3y ago | Whaleal IceFrog is vulnerable to deserialization |
| CVE-2023-34659 | unknown | — | — | | | | 3y ago | jeecg-boot SQL injection vulnerability |
| CVE-2023-34660 | unknown | — | — | | | | 3y ago | jeecg-boot unrestricted file upload vulnerability |
| CVE-2023-34455 | unknown | — | — | | | | 3y ago | snappy-java's unchecked chunk length leads to DoS |
| CVE-2023-34454 | unknown | — | — | | | | 3y ago | snappy-java's Integer Overflow vulnerability in compress leads to DoS |
| CVE-2023-34453 | unknown | — | — | | | | 3y ago | snappy-java's Integer Overflow vulnerability in shuffle leads to DoS |
| CVE-2023-3276 | unknown | — | — | | | | 3y ago | HuTool XML parsing module has blind XXE vulnerability |
| CVE-2023-3193 | unknown | — | — | | | | 3y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module |
| CVE-2023-35030 | unknown | — | — | | | | 3y ago | Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module |
| CVE-2023-2976 | unknown | — | — | | | | 3y ago | Guava vulnerable to insecure use of temporary directory |
| CVE-2023-35110 | unknown | — | — | | | | 3y ago | jjson vulnerable to stack exhaustion |
| CVE-2023-34624 | unknown | — | — | | | | 3y ago | htmlcleaner vulnerable to stack exhaustion |
| CVE-2023-34615 | unknown | — | — | | | | 3y ago | JSONUtil vulnerable to stack exhaustion |
| CVE-2023-34617 | unknown | — | — | | | | 3y ago | genson vulnerable to stack exhaustion |
| CVE-2023-34613 | unknown | — | — | | | | 3y ago | sojo vulnerable to stack exhaustion |
| CVE-2023-34614 | unknown | — | — | | | | 3y ago | jsonij vulnerable to stack exhaustion |
| CVE-2023-34612 | unknown | — | — | | | | 3y ago | ph-json vulnerable to stack exhaustion |
| CVE-2023-34610 | unknown | — | — | | | | 3y ago | json-io vulnerable to stack exhaustion |
| CVE-2023-34616 | unknown | — | — | | | | 3y ago | pbjson vulnerable to stack exhaustion |
| CVE-2023-35145 | unknown | — | — | | | | 3y ago | Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting |
| CVE-2023-35149 | unknown | — | — | | | | 3y ago | Jenkins Digital.ai App Management Publisher Plugin missing permission checks |
| CVE-2023-35141 | unknown | — | — | | | | 3y ago | Jenkins CSRF protection bypass vulnerability |
| CVE-2023-35147 | unknown | — | — | | | | 3y ago | Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin |
| CVE-2023-35142 | unknown | — | — | | | | 3y ago | SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin |
| CVE-2023-35144 | unknown | — | — | | | | 3y ago | Stored XSS vulnerability in Jenkins Maven Repository Server Plugin |
| CVE-2023-35148 | unknown | — | — | | | | 3y ago | Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery |
| CVE-2023-35146 | unknown | — | — | | | | 3y ago | Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting |
| CVE-2023-35143 | unknown | — | — | | | | 3y ago | Stored XSS vulnerability in Jenkins Maven Repository Server Plugin |
| CVE-2023-34396 | unknown | — | — | | | | 3y ago | Apache Struts vulnerable to memory exhaustion |
| CVE-2023-34149 | unknown | — | — | | | | 3y ago | Apache Struts vulnerable to memory exhaustion |
| CVE-2023-33695 | unknown | — | — | | | | 3y ago | Insecure Temporary File in HuTool |
| CVE-2023-34212 | unknown | — | — | | | | 3y ago | Apache NiFi vulnerable to Deserialization of Untrusted Data |
| CVE-2023-35042 | unknown | — | — | | | | 3y ago | GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language |
| CVE-2023-3163 | unknown | — | — | | | | 3y ago | RuoYi Uncontrolled Resource Consumption vulnerability |
| CVE-2023-33496 | unknown | — | — | | | | 3y ago | xxl-rpc deserialization vulnerability |
| CVE-2023-33510 | unknown | — | — | | | | 3y ago | Jeecg P3 Biz Chat allows remote attackers to read arbitrary files |
| CVE-2023-33962 | unknown | — | — | | | | 3y ago | JStachio XSS vulnerability: Unescaped single quotes |
| CVE-2023-32310 | unknown | — | — | | | | 3y ago | DataEase API interface has IDOR vulnerability |
| CVE-2023-33544 | unknown | — | — | | | | 3y ago | hawtio vulnerable to Path Traversal |
| CVE-2023-33546 | unknown | — | — | | | | 3y ago | janino vulnerable to denial of service due to stack overflow |
| CVE-2023-1521 | unknown | — | — | | | | 3y ago | On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (… |
| CVE-2023-33199 | unknown | — | — | | | | 3y ago | Rekor's goals are to provide an immutable tamper-resistant ledger of metadata generated within a software project's supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a pan… |
| CVE-2023-20883 | unknown | — | — | | | | 3y ago | Spring Boot Welcome Page Denial of Service |
| CVE-2023-33779 | unknown | — | — | | | | 3y ago | Privilege escalation in XXL-Job |
| CVE-2023-2798 | unknown | — | — | | | | 3y ago | Unrestricted recursion in htmlunit |
| CVE-2023-33944 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33948 | unknown | — | — | | | | 3y ago | Missing authorization in Liferay Portal |
| CVE-2023-33947 | unknown | — | — | | | | 3y ago | Liferay Portal has unauthorized access to object definition via search |
| CVE-2023-33946 | unknown | — | — | | | | 3y ago | Liferay Portal unauthorized access to objects via OAuth 2 scope |
| CVE-2023-33950 | unknown | — | — | | | | 3y ago | Liferay Portal has Inefficient Regular Expression |
| CVE-2023-33945 | unknown | — | — | | | | 3y ago | SQL injection in Liferay Portal |
| CVE-2023-33949 | unknown | — | — | | | | 3y ago | Insecure Default Initialization in Liferay Portal |
| CVE-2023-33939 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33938 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33942 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33941 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33943 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33940 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33937 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-32697 | unknown | — | — | | | | 3y ago | Sqlite-jdbc vulnerable to remote code execution when JDBC URL is attacker controlled |
| CVE-2023-31826 | unknown | — | — | | | | 3y ago | Command injection in nevado-jms |
| CVE-2023-31101 | unknown | — | — | | | | 3y ago | User data exposure in Apache InLong |
| CVE-2023-33264 | unknown | — | — | | | | 3y ago | Hazelcast vulnerable to unmasked password exposure |
| CVE-2023-29159 | unknown | — | — | | | | 3y ago | Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. |
| CVE-2023-31544 | unknown | — | — | | | | 3y ago | alkacon-OpenCMS vulnerable to stored Cross-site Scripting |