CVEs from 2023
- Total: 6,091
- critical: 240
- high: 1,530
- medium: 1,393
- low: 32
- % Critical: 3.9%
- % with KEV: 2.7%
- % with exploit: 3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-20860 | unknown | — | — | 3y ago | Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch | |||
| CVE-2023-28628 | unknown | — | — | 3y ago | lambdaisland/uri `authority-regex` returns the wrong authority | |||
| CVE-2023-28640 | unknown | — | — | 3y ago | Apiman vulnerable to permissions bypass due to missing check on API key URL | |||
| CVE-2023-27096 | unknown | — | — | 3y ago | Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module | |||
| CVE-2023-27296 | unknown | — | — | 3y ago | Apache InLong vulnerable to JDBC Deserialization of Untrusted Data | |||
| CVE-2023-28867 | unknown | — | — | 3y ago | GraphQL Java vulnerable to stack consumption | |||
| CVE-2023-20859 | unknown | — | — | 3y ago | Spring Vault vulnerable to insertion of sensitive information into a log file | |||
| CVE-2023-20861 | unknown | — | — | 3y ago | Spring Framework vulnerable to denial of service via specially crafted SpEL expression | |||
| CVE-2023-1370 | unknown | — | — | 3y ago | json-smart Uncontrolled Recursion vulnerability | |||
| CVE-2023-27094 | unknown | — | — | 3y ago | Hippo4j privilege escalation issue | |||
| CVE-2023-0870 | unknown | — | — | 3y ago | OpenNMS Meridian and Horizon vulnerable to Cross-Site Request Forgery | |||
| CVE-2023-1436 | unknown | — | — | 3y ago | Jettison vulnerable to infinite recursion | |||
| CVE-2023-27087 | unknown | — | — | 3y ago | Xuxueli xxl-job allows attacker to obtain sensitive information via the pageList parameter | |||
| CVE-2023-28118 | unknown | — | — | 3y ago | kaml has potential denial of service while parsing input with anchors and aliases | |||
| CVE-2023-26513 | unknown | — | — | 3y ago | Apache Sling Resource Merger has Excessive Iteration vulnerability | |||
| CVE-2023-1454 | unknown | — | — | 3y ago | jeecg-boot SQL Injection vulnerability | |||
| CVE-2023-27095 | unknown | — | — | 3y ago | Exposure of Sensitive Information in OpenGoofy Hippo4j | |||
| CVE-2023-0100 | unknown | — | — | 3y ago | Improper Input Validation In Eclipse BIRT | |||
| CVE-2023-24535 | unknown | — | — | 3y ago | Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a… | |||
| CVE-2023-24279 | unknown | — | — | 3y ago | ONOS vulnerable to reflected cross-site scripting | |||
| CVE-2023-28465 | unknown | — | — | 3y ago | HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057 | |||
| CVE-2023-27904 | unknown | — | — | 3y ago | Information disclosure through error stack traces related to agents | |||
| CVE-2023-27902 | unknown | — | — | 3y ago | Incorrect Permission Preservation in Jenkins Core | |||
| CVE-2023-27903 | unknown | — | — | 3y ago | Incorrect Authorization in Jenkins Core | |||
| CVE-2023-27900 | unknown | — | — | 3y ago | Denial of service in Jenkins Core | |||
| CVE-2023-27899 | unknown | — | — | 3y ago | Incorrect Authorization in Jenkins Core | |||
| CVE-2023-27898 | unknown | — | — | 3y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2023-27901 | unknown | — | — | 3y ago | Denial of service in Jenkins Core | |||
| CVE-2023-27905 | unknown | — | — | 3y ago | Cross site scripting vulnerability in update-center2 | |||
| CVE-2023-26464 | unknown | — | — | 3y ago | Apache Log4j 1.x (EOL) allows Denial of Service (DoS) | |||
| CVE-2023-27480 | unknown | — | — | 3y ago | XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference | |||
| CVE-2023-27479 | unknown | — | — | 3y ago | org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection | |||
| CVE-2023-23638 | unknown | — | — | 3y ago | Apache Dubbo vulnerable to Deserialization of Untrusted Data | |||
| CVE-2023-27476 | unknown | — | — | 3y ago | OWSLib vulnerability | |||
| CVE-2023-25806 | unknown | — | — | 3y ago | OpenSearch has time discrepancy in authentication responses | |||
| CVE-2023-24789 | unknown | — | — | 3y ago | jeecg-boot contains SQL Injection vulnerability | |||
| CVE-2023-26056 | unknown | — | — | 3y ago | xwiki contains Incorrect Authorization | |||
| CVE-2023-26480 | unknown | — | — | 3y ago | XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data | |||
| CVE-2023-26479 | unknown | — | — | 3y ago | xwiki vulnerable to Improper Handling of Exceptional Conditions | |||
| CVE-2023-26478 | unknown | — | — | 3y ago | xwiki contains Exposed Dangerous Method or Function | |||
| CVE-2023-26477 | unknown | — | — | 3y ago | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | |||
| CVE-2023-26470 | unknown | — | — | 3y ago | XWiki Platform subject to Uncontrolled Resource Consumption | |||
| CVE-2023-26471 | unknown | — | — | 3y ago | XWiki Platform users may execute anything with superadmin right through comments and async macro | |||
| CVE-2023-26055 | unknown | — | — | 3y ago | XWiki Platform may allow privilege escalation to programming rights via user's first name | |||
| CVE-2023-26472 | unknown | — | — | 3y ago | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile | |||
| CVE-2023-26474 | unknown | — | — | 3y ago | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | |||
| CVE-2023-26476 | unknown | — | — | 3y ago | XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor | |||
| CVE-2023-26473 | unknown | — | — | 3y ago | Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm | |||
| CVE-2023-0264 | unknown | — | — | 3y ago | Keycloak vulnerable to user impersonation via stolen UUID code | |||
| CVE-2023-26475 | unknown | — | — | 3y ago | xwiki-platform vulnerable to Remote Code Execution in Annotations | |||
| CVE-2023-0481 | unknown | — | — | 3y ago | RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions | |||
| CVE-2023-25693 | unknown | — | — | 3y ago | Apache Airflow Sqoop Provider Improper Input Validation vulnerability | |||
| CVE-2023-0044 | unknown | — | — | 3y ago | Cross-site Scripting in Quarkus | |||
| CVE-2023-0869 | unknown | — | — | 3y ago | Cross Site Scripting in OpenNMS | |||
| CVE-2023-0815 | unknown | — | — | 3y ago | OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability | |||
| CVE-2023-0867 | unknown | — | — | 3y ago | OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting | |||
| CVE-2023-0868 | unknown | — | — | 3y ago | OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting | |||
| CVE-2023-25621 | unknown | — | — | 3y ago | Improper Privilege Management in Apache Sling | |||
| CVE-2023-26302 | unknown | — | — | 3y ago | Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. | |||
| CVE-2023-26303 | unknown | — | — | 3y ago | Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. | |||
| CVE-2023-25570 | unknown | — | — | 3y ago | Apollo has potential access control security issue in eureka | |||
| CVE-2023-25569 | unknown | — | — | 3y ago | apollo-portal has potential CSRF issue | |||
| CVE-2023-0846 | unknown | — | — | 3y ago | OpenNMS Horizon and Meridian vulnerable to Cross-site Scripting | |||
| CVE-2023-25158 | unknown | — | — | 3y ago | GeoTools OGC Filter SQL Injection Vulnerabilities | |||
| CVE-2023-25157 | unknown | — | — | 3y ago | GeoServer OGC Filter SQL Injection Vulnerabilities | |||
| CVE-2023-25613 | unknown | — | — | 3y ago | Apache Kerby LdapIdentityBackend LDAP Injection vulnerability | |||
| CVE-2023-23926 | unknown | — | — | 3y ago | XML External Entity (XXE) vulnerability in apoc.import.graphml | |||
| CVE-2023-23847 | unknown | — | — | 3y ago | CSRF vulnerability in Synopsys Jenkins Coverity Plugin | |||
| CVE-2023-23850 | unknown | — | — | 3y ago | Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions | |||
| CVE-2023-23848 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials | |||
| CVE-2023-25763 | unknown | — | — | 3y ago | Cross-site Scripting in Jenkins Email Extension Plugin | |||
| CVE-2023-25764 | unknown | — | — | 3y ago | Cross-site Scripting in Jenkins Email Extension Plugin | |||
| CVE-2023-25762 | unknown | — | — | 3y ago | Cross-site Scripting in Jenkins Pipeline: Build Step Plugin | |||
| CVE-2023-25761 | unknown | — | — | 3y ago | Cross-site Scripting in Jenkins JUnit Plugin | |||
| CVE-2023-25766 | unknown | — | — | 3y ago | Missing Authorization in Jenkins Azure Credentials Plugin | |||
| CVE-2023-25767 | unknown | — | — | 3y ago | Cross-Site Request Forgery in Jenkins Azure Credentials Plugin | |||
| CVE-2023-25765 | unknown | — | — | 3y ago | Sandbox escape in Jenkins Email Extension Plugin | |||
| CVE-2023-25768 | unknown | — | — | 3y ago | Missing Authorization in Jenkins Azure Credentials Plugin | |||
| CVE-2023-30798 | unknown | — | — | 3y ago | The MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause e… | |||
| CVE-2023-25141 | unknown | — | — | 3y ago | Command injection in Apache Sling | |||
| CVE-2023-24187 | unknown | — | — | 3y ago | XML External Entity Reference in ureport | |||
| CVE-2023-24188 | unknown | — | — | 3y ago | Arbitrary file deletion in ureport | |||
| CVE-2023-22832 | unknown | — | — | 3y ago | XML External Entity Reference in Apache NiFi | |||
| CVE-2023-24815 | unknown | — | — | 3y ago | StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route | |||
| CVE-2023-22849 | unknown | — | — | 3y ago | Sling App CMS Cross-site Scripting vulnerability | |||
| CVE-2023-0674 | unknown | — | — | 3y ago | Cross-Site Request Forgery in XXL Job | |||
| CVE-2023-24977 | unknown | — | — | 3y ago | Apache InLong contains Out-of-bounds Read vulnerability | |||
| CVE-2023-24163 | unknown | — | — | 3y ago | Dromara hutool vulnerable to SQL Injection | |||
| CVE-2023-24162 | unknown | — | — | 3y ago | Dromara Hutool Deserialization of Untrusted Data vulnerability | |||
| CVE-2023-24422 | unknown | — | — | 3y ago | Sandbox bypass in Jenkins Script Security Plugin | |||
| CVE-2023-24427 | unknown | — | — | 3y ago | Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin | |||
| CVE-2023-24439 | unknown | — | — | 3y ago | Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin | |||
| CVE-2023-24431 | unknown | — | — | 3y ago | Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs | |||
| CVE-2023-24443 | unknown | — | — | 3y ago | XML Entity Expansion in Jenkins TestComplete support Plugin | |||
| CVE-2023-24455 | unknown | — | — | 3y ago | Path Traversal in Jenkins visualexpert Plugin | |||
| CVE-2023-24423 | unknown | — | — | 3y ago | Cross-site request forgery in Jenkins Gerrit Trigger Plugin | |||
| CVE-2023-24440 | unknown | — | — | 3y ago | Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin | |||
| CVE-2023-24433 | unknown | — | — | 3y ago | Missing permission checks in Jenkins Orka Plugin allow capturing credentials | |||
| CVE-2023-24453 | unknown | — | — | 3y ago | Missing permission check in Jenkins TestQuality Updater Plugin | |||
| CVE-2023-24434 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin |