CVEs from 2023

6,216 normalized CVEs published or assigned in this year.

  • Total: 6,216
  • Critical: 239
  • High: 1,501
  • Medium: 1,406
  • Low: 31
  • % Critical: 3.8%
  • % with KEV: 2.6%
  • % with exploit: 3.4%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • ftmg-esr50sxx 8
  • ftmg-esn40sxx 8
  • ftmg-esd25axx 8
  • ftmg-esr40sxx 8
  • ftmg-esd15axx 8
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2023-50292 unknown 2y ago Apache Solr Schema Designer blindly "trusts" all configsets
CVE-2023-47798 unknown 2y ago Liferay Portal's account lockout does not invalidate existing user sessions
CVE-2023-39196 unknown 2y ago Apache Ozone Improper Authentication vulnerability
CVE-2023-51437 unknown 2y ago Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
CVE-2023-34042 unknown 2y ago Spring Security's spring-security.xsd file is world writable
CVE-2023-51982 unknown 2y ago CrateDB authentication bypass vulnerability
CVE-2023-29055 unknown 2y ago Apache Kylin has Insufficiently Protected Credentials
CVE-2023-6267 unknown 2y ago Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability
CVE-2023-6927 unknown 2y ago keycloak-core: open redirect via "form_post.jwt" JARM response mode
CVE-2023-51282 unknown 2y ago Code injection in mingSoft MCMS
CVE-2023-46749 unknown 2y ago Apache Shiro vulnerable to path traversal
CVE-2023-46226 unknown 2y ago Remote Code Execution vulnerability in Apache IoTDB via UDF
CVE-2023-50290 unknown 2y ago Apache Solr allows read access to host environment variables
CVE-2023-49569 unknown 2y ago A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, rem…
CVE-2023-6147 unknown 2y ago Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability
CVE-2023-6149 unknown 2y ago Qualys Jenkins Plugin for WAS XML External Entity vulnerability
CVE-2023-6148 unknown 2y ago Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability
CVE-2023-51441 unknown 2y ago Apache Axis Improper Input Validation vulnerability
CVE-2023-51785 unknown 2y ago Apache InLong Manager Arbitrary File Read Vulnerability
CVE-2023-51784 unknown 2y ago Apache InLong Manager Remote Code Execution vulnerability
CVE-2023-49299 unknown 3y ago Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
CVE-2023-50578 unknown 3y ago Mingsoft MCMS SQL injection
CVE-2023-41544 unknown 3y ago JeecgBoot server-side template injection
CVE-2023-41542 unknown 3y ago Jeecg Boot SQL injection vulnerability
CVE-2023-41543 unknown 3y ago Jeecg Boot SQL Injection
CVE-2023-3629 unknown 3y ago Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
CVE-2023-3628 unknown 3y ago Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions
CVE-2023-50571 unknown 3y ago easy-rules-mvel vulnerable to remote code execution
CVE-2023-50570 unknown 3y ago IPAddress Infinite Loop vulnerability (Disputed)
CVE-2023-7148 unknown 3y ago ShifuML shifu code injection vulnerability
CVE-2023-5236 unknown 3y ago Infinispan circular object references causes out of memory errors
CVE-2023-5384 unknown 3y ago Infinispan caches credentials in clear text
CVE-2023-51079 unknown 3y ago mvel2 TimeOut error exists in the ParseTools.subCompileExpression method
CVE-2023-51080 unknown 3y ago hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
CVE-2023-51074 unknown 3y ago json-path Out-of-bounds Write vulnerability
CVE-2023-51084 unknown 3y ago hyavijava stack overflow vulnerability
CVE-2023-51075 unknown 3y ago hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
CVE-2023-49568 unknown 3y ago A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted res…
CVE-2023-27150 unknown 3y ago OpenCRX Cross-site Scripting vulnerability
CVE-2023-6911 unknown 3y ago WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability
CVE-2023-6291 unknown 3y ago The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
CVE-2023-51656 unknown 3y ago Apache IoTDB: Unsafe deserialize map in Sync Tool
CVE-2023-46131 unknown 3y ago Grails data binding causes JVM crash and/or other denial of service
CVE-2023-37544 unknown 3y ago Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
CVE-2023-50732 unknown 3y ago Velocity execution without script right through tree macro
CVE-2023-50730 unknown 3y ago Grackle has StackOverflowError in GraphQL query processing
CVE-2023-6134 unknown 3y ago Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
CVE-2023-6886 unknown 3y ago Xnx3 Wangmarket Cross-Site Scripting vulnerability
CVE-2023-50723 unknown 3y ago Remote code execution/programming rights with configuration section from any user account
CVE-2023-50722 unknown 3y ago XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
CVE-2023-50721 unknown 3y ago Remote code execution from account through SearchAdmin
CVE-2023-50720 unknown 3y ago Solr search discloses email addresses of users
CVE-2023-50719 unknown 3y ago Solr search discloses password hashes of all users
CVE-2023-30867 unknown 3y ago Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability
CVE-2023-49898 unknown 3y ago Apache StreamPark: Authenticated system users could trigger remote command execution
CVE-2023-6836 unknown 3y ago WSO2 products vulnerable to XML External Entity attack
CVE-2023-6835 unknown 3y ago WSO2 API Manager allows attackers to change the API rating
CVE-2023-6837 unknown 3y ago Multiple WSO2 products vulnerable to user impersonation using JIT provisioning
CVE-2023-46279 unknown 3y ago Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
CVE-2023-29234 unknown 3y ago Bypass serialize checks in Apache Dubbo
CVE-2023-6563 unknown 3y ago Allocation of Resources Without Limits in Keycloak
CVE-2023-50137 unknown 3y ago Cross-site Scripting in JFinalcms
CVE-2023-50101 unknown 3y ago Cross-site Scripting in JFinalcms
CVE-2023-50102 unknown 3y ago Cross-site Scripting in JFinalcms
CVE-2023-50100 unknown 3y ago Cross-site Scripting in JFinalcms
CVE-2023-46750 unknown 3y ago Open redirect in Apache Shiro
CVE-2023-50768 unknown 3y ago Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
CVE-2023-50773 unknown 3y ago Displayed in plain text by Dingding JSON Pusher Plugin
CVE-2023-50774 unknown 3y ago Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin
CVE-2023-50771 unknown 3y ago Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin
CVE-2023-50778 unknown 3y ago Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin
CVE-2023-50769 unknown 3y ago Jenkins Nexus Platform Plugin missing permission check
CVE-2023-50766 unknown 3y ago Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
CVE-2023-50765 unknown 3y ago Missing permission check in Jenkins Scriptler Plugin
CVE-2023-50770 unknown 3y ago Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
CVE-2023-50767 unknown 3y ago Jenkins Nexus Platform Plugin missing permission check
CVE-2023-50776 unknown 3y ago Tokens stored in plain text by PaaSLane Estimate Plugin
CVE-2023-50777 unknown 3y ago Tokens stored in plain text by PaaSLane Estimate Plugin
CVE-2023-50775 unknown 3y ago Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin
CVE-2023-50779 unknown 3y ago Missing permission check in Jenkins PaaSLane Estimate Plugin
CVE-2023-50764 unknown 3y ago Arbitrary file deletion vulnerability in Jenkins Scriptler Plugin
CVE-2023-50772 unknown 3y ago Tokens stored in plain text by Dingding JSON Pusher Plugin
CVE-2023-47324 unknown 3y ago Cross-site Scripting in silverpeas
CVE-2023-47321 unknown 3y ago Broken access control in Silverpeas
CVE-2023-47327 unknown 3y ago Broken access control in Silverpeas
CVE-2023-47326 unknown 3y ago Cross Site Request Forgery in Silverpeas
CVE-2023-47323 unknown 3y ago Missing access control in Silverpeas
CVE-2023-47325 unknown 3y ago Broken access control in Silverpeas
CVE-2023-47322 unknown 3y ago Cross Site Request Forgery in Silverpeas
CVE-2023-47320 unknown 3y ago Broken access control in Silverpeas
CVE-2023-50422 unknown 3y ago Improper JWT Signature Validation in SAP Security Services Library
CVE-2023-6379 unknown 3y ago Alkacon OpenCMS XSS via Mercury template
CVE-2023-50449 unknown 3y ago Directory Traversal in JFinalCMS
CVE-2023-6394 unknown 3y ago Authorization bypass in Quarkus
CVE-2023-49487 unknown 3y ago Cross-site Scripting in JFinalCMS
CVE-2023-49485 unknown 3y ago Cross-site Scripting in JFinalCMS
CVE-2023-49486 unknown 3y ago Cross-site Scripting in JFinalCMS
CVE-2023-50164 unknown 3y ago Apache Struts vulnerable to path traversal
CVE-2023-6393 unknown 3y ago Quarkus Cache Runtime exposes sensitive information to an unauthorized actor
CVE-2023-26154 unknown 3y ago pubnub Insufficient Entropy vulnerability