CVEs from 2023
- Total: 6,167
- Critical: 221
- High: 1,482
- Medium: 1,384
- Low: 30
- % Critical: 3.6%
- % with KEV: 2.6%
- % with exploit: 3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- registrationmagic 6
- codeready_linux_builder_for_ibm_z_systems_eus 6
- cbot_panel 6
- codeready_linux_builder_eus 6
- openstack_platform 6
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6291 | unknown | — | — | | | | 3y ago | The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted |
| CVE-2023-51656 | unknown | — | — | | | | 3y ago | Apache IoTDB: Unsafe deserialize map in Sync Tool |
| CVE-2023-46131 | unknown | — | — | | | | 3y ago | Grails data binding causes JVM crash and/or other denial of service |
| CVE-2023-37544 | unknown | — | — | | | | 3y ago | Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability |
| CVE-2023-50732 | unknown | — | — | | | | 3y ago | Velocity execution without script right through tree macro |
| CVE-2023-50730 | unknown | — | — | | | | 3y ago | Grackle has StackOverflowError in GraphQL query processing |
| CVE-2023-6134 | unknown | — | — | | | | 3y ago | Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri |
| CVE-2023-6886 | unknown | — | — | | | | 3y ago | Xnx3 Wangmarket Cross-Site Scripting vulnerability |
| CVE-2023-50723 | unknown | — | — | | | | 3y ago | Remote code execution/programming rights with configuration section from any user account |
| CVE-2023-50722 | unknown | — | — | | | | 3y ago | XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass |
| CVE-2023-50721 | unknown | — | — | | | | 3y ago | Remote code execution from account through SearchAdmin |
| CVE-2023-50720 | unknown | — | — | | | | 3y ago | Solr search discloses email addresses of users |
| CVE-2023-50719 | unknown | — | — | | | | 3y ago | Solr search discloses password hashes of all users |
| CVE-2023-30867 | unknown | — | — | | | | 3y ago | Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability |
| CVE-2023-49898 | unknown | — | — | | | | 3y ago | Apache StreamPark: Authenticated system users could trigger remote command execution |
| CVE-2023-6835 | unknown | — | — | | | | 3y ago | WSO2 API Manager allows attackers to change the API rating |
| CVE-2023-6836 | unknown | — | — | | | | 3y ago | WSO2 products vulnerable to XML External Entity attack |
| CVE-2023-6837 | unknown | — | — | | | | 3y ago | Multiple WSO2 products vulnerable to perform user impersonation using JIT provisioning |
| CVE-2023-46279 | unknown | — | — | | | | 3y ago | Apache Dubbo: Bypass deny serialize list check in Apache Dubbo |
| CVE-2023-29234 | unknown | — | — | | | | 3y ago | Bypass serialize checks in Apache Dubbo |
| CVE-2023-6563 | unknown | — | — | | | | 3y ago | Allocation of Resources Without Limits in Keycloak |
| CVE-2023-50101 | unknown | — | — | | | | 3y ago | Cross-site Scripting in JFinalcms |
| CVE-2023-50100 | unknown | — | — | | | | 3y ago | Cross-site Scripting in JFinalcms |
| CVE-2023-50137 | unknown | — | — | | | | 3y ago | Cross-site Scripting in JFinalcms |
| CVE-2023-50102 | unknown | — | — | | | | 3y ago | Cross-site Scripting in JFinalcms |
| CVE-2023-46750 | unknown | — | — | | | | 3y ago | Open redirect in Apache Shiro |
| CVE-2023-50772 | unknown | — | — | | | | 3y ago | Tokens stored in plain text by Dingding JSON Pusher Plugin |
| CVE-2023-50774 | unknown | — | — | | | | 3y ago | Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin |
| CVE-2023-50773 | unknown | — | — | | | | 3y ago | Displayed in plain text by Dingding JSON Pusher Plugin |
| CVE-2023-50776 | unknown | — | — | | | | 3y ago | Tokens stored in plain text by PaaSLane Estimate Plugin |
| CVE-2023-50764 | unknown | — | — | | | | 3y ago | Arbitrary file deletion vulnerability in Jenkins Scriptler Plugin |
| CVE-2023-50779 | unknown | — | — | | | | 3y ago | Missing permission check in Jenkins PaaSLane Estimate Plugin |
| CVE-2023-50771 | unknown | — | — | | | | 3y ago | Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin |
| CVE-2023-50765 | unknown | — | — | | | | 3y ago | Missing permission check in Jenkins Scriptler Plugin |
| CVE-2023-50775 | unknown | — | — | | | | 3y ago | Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin |
| CVE-2023-50778 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin |
| CVE-2023-50770 | unknown | — | — | | | | 3y ago | Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin |
| CVE-2023-50767 | unknown | — | — | | | | 3y ago | Jenkins Nexus Platform Plugin missing permission check |
| CVE-2023-50766 | unknown | — | — | | | | 3y ago | Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability |
| CVE-2023-50768 | unknown | — | — | | | | 3y ago | Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability |
| CVE-2023-50777 | unknown | — | — | | | | 3y ago | Tokens stored in plain text by PaaSLane Estimate Plugin |
| CVE-2023-50769 | unknown | — | — | | | | 3y ago | Jenkins Nexus Platform Plugin missing permission check |
| CVE-2023-47326 | unknown | — | — | | | | 3y ago | Cross Site Request Forgery in Silverpeas |
| CVE-2023-47324 | unknown | — | — | | | | 3y ago | Cross-site Scripting in Silverpeas |
| CVE-2023-47323 | unknown | — | — | | | | 3y ago | Missing access control in Silverpeas |
| CVE-2023-47327 | unknown | — | — | | | | 3y ago | Broken access control in Silverpeas |
| CVE-2023-47322 | unknown | — | — | | | | 3y ago | Cross Site Request Forgery in Silverpeas |
| CVE-2023-47325 | unknown | — | — | | | | 3y ago | Broken access control in Silverpeas |
| CVE-2023-47321 | unknown | — | — | | | | 3y ago | Broken access control in Silverpeas |
| CVE-2023-47320 | unknown | — | — | | | | 3y ago | Broken access control in Silverpeas |
| CVE-2023-50422 | unknown | — | — | | | | 3y ago | Improper JWT Signature Validation in SAP Security Services Library |
| CVE-2023-6379 | unknown | — | — | | | | 3y ago | Alkacon OpenCMS XSS via Mercury template |
| CVE-2023-50449 | unknown | — | — | | | | 3y ago | Directory Traversal in JFinalCMS |
| CVE-2023-6394 | unknown | — | — | | | | 3y ago | Authorization bypass in Quarkus |
| CVE-2023-49487 | unknown | — | — | | | | 3y ago | Cross-site Scripting in JFinalCMS |
| CVE-2023-49486 | unknown | — | — | | | | 3y ago | Cross-site Scripting in JFinalCMS |
| CVE-2023-49485 | unknown | — | — | | | | 3y ago | Cross-site Scripting in JFinalCMS |
| CVE-2023-50164 | unknown | — | — | | | | 3y ago | Apache Struts vulnerable to path traversal |
| CVE-2023-6393 | unknown | — | — | | | | 3y ago | Quarkus Cache Runtime exposes sensitive information to an unauthorized actor |
| CVE-2023-26154 | unknown | — | — | | | | 3y ago | pubnub Insufficient Entropy vulnerability |
| CVE-2023-49280 | unknown | — | — | | | | 3y ago | Data leak of password hash through change requests |
| CVE-2023-46674 | unknown | — | — | | | | 3y ago | Elasticsearch-hadoop Unsafe Deserialization |
| CVE-2023-49448 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via admin/nav/delete |
| CVE-2023-49397 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus |
| CVE-2023-49396 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/save |
| CVE-2023-49446 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/nav/save |
| CVE-2023-49381 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/div/update |
| CVE-2023-49395 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/update |
| CVE-2023-49383 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/tag/save |
| CVE-2023-49382 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/div/delete |
| CVE-2023-49447 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/nav/update |
| CVE-2023-49398 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/category/delete |
| CVE-2023-49373 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS |
| CVE-2023-49372 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS |
| CVE-2023-49375 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/update |
| CVE-2023-49376 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS |
| CVE-2023-49378 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/form/save |
| CVE-2023-49379 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via the component /admin/friend_link/save |
| CVE-2023-49380 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete |
| CVE-2023-49377 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/tag/update |
| CVE-2023-49374 | unknown | — | — | | | | 3y ago | Cross-Site Request Forgery in JFinalCMS via /admin/slide/update |
| CVE-2023-41835 | unknown | — | — | | | | 3y ago | Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability |
| CVE-2023-49093 | unknown | — | — | | | | 3y ago | HtmlUnit vulnerable to Remote Code Execution (RCE) via XSLT |
| CVE-2023-48910 | unknown | — | — | | | | 3y ago | Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download |
| CVE-2023-48967 | unknown | — | — | | | | 3y ago | Solon is vulnerable to Deserialization of Untrusted Data |
| CVE-2023-6481 | unknown | — | — | | | | 3y ago | Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data |
| CVE-2023-48887 | unknown | — | — | | | | 3y ago | Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request |
| CVE-2023-49371 | unknown | — | — | | | | 3y ago | RuoYi vulnerable to SQL injection vulnerability |
| CVE-2023-49735 | unknown | — | — | | | | 3y ago | Apache Tiles: Unvalidated input may lead to path traversal and XXE |
| CVE-2023-4218 | unknown | — | — | | | | 3y ago | Eclipse IDE XXE in eclipse.platform |
| CVE-2023-49733 | unknown | — | — | | | | 3y ago | Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability |
| CVE-2023-49620 | unknown | — | — | | | | 3y ago | Apache DolphinScheduler Missing Authorization vulnerability |
| CVE-2023-49653 | unknown | — | — | | | | 3y ago | Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials |
| CVE-2023-49655 | unknown | — | — | | | | 3y ago | Jenkins MATLAB Plugin cross-site request forgery vulnerability |
| CVE-2023-49654 | unknown | — | — | | | | 3y ago | Jenkins MATLAB Plugin missing permission checks |
| CVE-2023-49656 | unknown | — | — | | | | 3y ago | Jenkins MATLAB Plugin XML External Entity vulnerability |
| CVE-2023-49674 | unknown | — | — | | | | 3y ago | Jenkins NeuVector Vulnerability Scanner Plugin missing permission check |
| CVE-2023-49673 | unknown | — | — | | | | 3y ago | Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability |
| CVE-2023-49652 | unknown | — | — | | | | 3y ago | Jenkins Google Compute Engine Plugin has incorrect permission checks |
| CVE-2023-6378 | unknown | — | — | | | | 3y ago | logback serialization vulnerability |