CVEs from 2023
Total
6,664
critical
critical 222
high
high 1,548
medium
medium 1,277
low
low 23
% Critical
3.3%
% with KEV
2.4%
% with exploit
2.5%
Top vendors
- redhat 120
- microsoft 76
- f5 43
- cisco 26
- automattic 19
- cbot 12
- brainstormforce 11
- gvectors 10
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- openstack_platform 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- registrationmagic 6
- codeready_linux_builder_eus 6
- cbot_panel 6
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2023-20867 | low | — | 4.0 | 3y ago | Low: open-vm-tools security update | |
| CVE-2023-43770 | unknown | — | 1.5 | 2y ago | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | |
| CVE-2023-46604 | unknown | — | 1.5 | 3y ago | Apache ActiveMQ is vulnerable to Remote Code Execution | |
| CVE-2023-5631 | unknown | — | 1.5 | 3y ago | Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavio… | |
| CVE-2023-33246 | unknown | — | 1.5 | 3y ago | Apache RocketMQ may have remote code execution vulnerability when using update configuration function | |
| CVE-2023-32315 | unknown | — | 1.5 | 3y ago | Administration Console authentication bypass in openfire xmppserver |