CVEs from 2023
- Total: 6,208
- Critical: 239
- High: 1,497
- Medium: 1,400
- Low: 30
- % Critical: 3.8%
- % with KEV: 2.6%
- % with exploit: 3.4%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41939 | unknown | — | — | 3y ago | Disabled permissions can be granted by Jenkins SSH2 Easy Plugin | |||
| CVE-2023-41940 | unknown | — | — | 3y ago | Stored XSS vulnerability in Jenkins TAP Plugin | |||
| CVE-2023-41933 | unknown | — | — | 3y ago | Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability | |||
| CVE-2023-41932 | unknown | — | — | 3y ago | Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin | |||
| CVE-2023-41947 | unknown | — | — | 3y ago | Missing permission checks in Jenkins Frugal Testing Plugin | |||
| CVE-2023-41930 | unknown | — | — | 3y ago | Path traversal in Jenkins Job Configuration History Plugin | |||
| CVE-2023-41934 | unknown | — | — | 3y ago | Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin | |||
| CVE-2023-41941 | unknown | — | — | 3y ago | Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs | |||
| CVE-2023-40743 | unknown | — | — | 3y ago | Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService | |||
| CVE-2023-41046 | unknown | — | — | 3y ago | Velocity execution without script right through VelocityCode and VelocityWiki property | |||
| CVE-2023-40771 | unknown | — | — | 3y ago | DataEase vulnerable to SQL injection | |||
| CVE-2023-39685 | unknown | — | — | 3y ago | hson-java vulnerable to denial of service | |||
| CVE-2023-41034 | unknown | — | — | 3y ago | DDFFileParser is vulnerable to XXE Attacks | |||
| CVE-2023-40787 | unknown | — | — | 3y ago | SpringBlade vulnerable to SQL injection | |||
| CVE-2023-40826 | unknown | — | — | 3y ago | pf4j vulnerable to remote code execution via the zippluginPath parameter | |||
| CVE-2023-40827 | unknown | — | — | 3y ago | pf4j vulnerable to remote code execution via loadpluginPath parameter | |||
| CVE-2023-40828 | unknown | — | — | 3y ago | pf4j vulnerable to remote code execution via expandIfZip method in the extract function | |||
| CVE-2023-24620 | unknown | — | — | 3y ago | Esoteric YamlBeans XML Entity Expansion vulnerability | |||
| CVE-2023-24621 | unknown | — | — | 3y ago | Esoteric YamlBeans Unsafe Deserialization vulnerability | |||
| CVE-2023-40030 | unknown | — | — | 3y ago | Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated… | |||
| CVE-2023-34040 | unknown | — | — | 3y ago | Spring-Kafka has Java Deserialization vulnerability When Improperly Configured | |||
| CVE-2023-40573 | unknown | — | — | 3y ago | XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution | |||
| CVE-2023-40572 | unknown | — | — | 3y ago | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action | |||
| CVE-2023-4301 | unknown | — | — | 3y ago | Jenkins Fortify Plugin cross-site request forgery vulnerability | |||
| CVE-2023-4302 | unknown | — | — | 3y ago | Jenkins Fortify Plugin missing permission check | |||
| CVE-2023-40177 | unknown | — | — | 3y ago | XWiki Platform privilege escalation (PR) from account through AWM content fields | |||
| CVE-2023-40176 | unknown | — | — | 3y ago | XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer | |||
| CVE-2023-39106 | unknown | — | — | 3y ago | Nacos Spring vulnerable to Unsafe Deserialization | |||
| CVE-2023-37914 | unknown | — | — | 3y ago | XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message | |||
| CVE-2023-40313 | unknown | — | — | 3y ago | OpenNMS vulnerable to remote code execution | |||
| CVE-2023-36106 | unknown | — | — | 3y ago | PowerJob incorrect access control vulnerability | |||
| CVE-2023-38905 | unknown | — | — | 3y ago | Jeecg-boot SQL Injection vulnerability | |||
| CVE-2023-40340 | unknown | — | — | 3y ago | Jenkins NodeJS Plugin improper credential masking vulnerability | |||
| CVE-2023-40347 | unknown | — | — | 3y ago | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials | |||
| CVE-2023-40345 | unknown | — | — | 3y ago | Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials | |||
| CVE-2023-40341 | unknown | — | — | 3y ago | Jenkins Blue Ocean Plugin cross-site request forgery vulnerability | |||
| CVE-2023-40351 | unknown | — | — | 3y ago | Jenkins Favorite View Plugin cross-site request forgery vulnerability | |||
| CVE-2023-40344 | unknown | — | — | 3y ago | Jenkins Delphix Plugin missing permission check | |||
| CVE-2023-40339 | unknown | — | — | 3y ago | Jenkins Config File Provider Plugin improper credential masking vulnerability | |||
| CVE-2023-40346 | unknown | — | — | 3y ago | Jenkins Shortcut Job Plugin stored cross-site scripting vulnerability | |||
| CVE-2023-40342 | unknown | — | — | 3y ago | Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability | |||
| CVE-2023-40350 | unknown | — | — | 3y ago | Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability | |||
| CVE-2023-40348 | unknown | — | — | 3y ago | Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure | |||
| CVE-2023-40343 | unknown | — | — | 3y ago | Jenkins Tuleap Authentication Plugin non-constant time token comparison | |||
| CVE-2023-40349 | unknown | — | — | 3y ago | Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure | |||
| CVE-2023-40338 | unknown | — | — | 3y ago | Jenkins Folders Plugin information disclosure vulnerability | |||
| CVE-2023-40336 | unknown | — | — | 3y ago | Jenkins Folders Plugin cross-site request forgery vulnerability | |||
| CVE-2023-38889 | unknown | — | — | 3y ago | Alluxio vulnerable to arbitrary code execution | |||
| CVE-2023-40311 | unknown | — | — | 3y ago | OpenNMS vulnerable to Cross-site Scripting | |||
| CVE-2023-40312 | unknown | — | — | 3y ago | OpenNMS vulnerable to Cross-site Scripting | |||
| CVE-2023-0871 | unknown | — | — | 3y ago | OpenNMS Horizon XXE Injection Vulnerability | |||
| CVE-2023-3894 | unknown | — | — | 3y ago | Denial of service in jackson-dataformat-toml | |||
| CVE-2023-36480 | unknown | — | — | 3y ago | Aerospike Java Client vulnerable to unsafe deserialization of server responses | |||
| CVE-2023-4136 | unknown | — | — | 3y ago | Cross-site Scripting (XSS) in CrafterCMS | |||
| CVE-2023-3426 | unknown | — | — | 3y ago | Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions | |||
| CVE-2023-36542 | unknown | — | — | 3y ago | Apache NiFi Code Injection vulnerability | |||
| CVE-2023-37754 | unknown | — | — | 3y ago | Code injection in PowerJob | |||
| CVE-2023-39020 | unknown | — | — | 3y ago | Code injection in stanford-parser | |||
| CVE-2023-39015 | unknown | — | — | 3y ago | Code injection in webmagic-core | |||
| CVE-2023-39022 | unknown | — | — | 3y ago | Code injection in oscore | |||
| CVE-2023-39010 | unknown | — | — | 3y ago | Code injection in BoofCV | |||
| CVE-2023-39021 | unknown | — | — | 3y ago | Code injection in wix-embedded-mysql | |||
| CVE-2023-38992 | unknown | — | — | 3y ago | SQL injection in jeecg-boot | |||
| CVE-2023-39013 | unknown | — | — | 3y ago | Code injection in Duke | |||
| CVE-2023-3990 | unknown | — | — | 3y ago | Cross-site Scripting in Mingsoft MCMS | |||
| CVE-2023-38509 | unknown | — | — | 3y ago | Obfuscated email addresses should not be sorted | |||
| CVE-2023-3442 | unknown | — | — | 3y ago | Missing authorization in Jenkins Plug-in for ServiceNow | |||
| CVE-2023-3414 | unknown | — | — | 3y ago | Credential leakage in Jenkins Plug-in for ServiceNow | |||
| CVE-2023-39155 | unknown | — | — | 3y ago | Secret displayed without masking by Chef Identity Plugin | |||
| CVE-2023-39154 | unknown | — | — | 3y ago | Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials | |||
| CVE-2023-39151 | unknown | — | — | 3y ago | Jenkins Stored Cross-site Scripting vulnerability | |||
| CVE-2023-39156 | unknown | — | — | 3y ago | CSRF vulnerability in Bazaar Plugin | |||
| CVE-2023-39152 | unknown | — | — | 3y ago | Incorrect control flow in Jenkins Gradle Plugin breaks credentials masking in the build log | |||
| CVE-2023-39153 | unknown | — | — | 3y ago | CSRF vulnerability in GitLab Authentication Plugin | |||
| CVE-2023-38647 | unknown | — | — | 3y ago | Deserialization vulnerability in Helix workflow and REST | |||
| CVE-2023-38435 | unknown | — | — | 3y ago | Cross-site Scripting in healthcheck webconsole plugin | |||
| CVE-2023-38493 | unknown | — | — | 3y ago | Paths contain matrix variables bypass decorators | |||
| CVE-2023-37460 | unknown | — | — | 3y ago | Arbitrary File Creation in AbstractUnArchiver | |||
| CVE-2023-37895 | unknown | — | — | 3y ago | Remote code execution in Apache Jackrabbit | |||
| CVE-2023-3637 | unknown | — | — | 3y ago | An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates re… | |||
| CVE-2023-34434 | unknown | — | — | 3y ago | JDBC URL bypassing by allowLoadLocalInfileInPath param | |||
| CVE-2023-35088 | unknown | — | — | 3y ago | SQL injection in audit endpoint | |||
| CVE-2023-34189 | unknown | — | — | 3y ago | Apache InLong: General user can delete and update process | |||
| CVE-2023-34478 | unknown | — | — | 3y ago | Path Traversal in Apache Shiro | |||
| CVE-2023-3815 | unknown | — | — | 3y ago | RuoYi vulnerable to Cross-site Scripting | |||
| CVE-2023-37602 | unknown | — | — | 3y ago | Alkacon OpenCMS arbitrary file upload vulnerability | |||
| CVE-2023-37471 | unknown | — | — | 3y ago | OpenAM vulnerable to user impersonation using SAMLv1.x SSO process | |||
| CVE-2023-37276 | unknown | — | — | 3y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request pars… | |||
| CVE-2023-33265 | unknown | — | — | 3y ago | Hazelcast Executor Services don't check client permissions properly | |||
| CVE-2023-32262 | unknown | — | — | 3y ago | Exposure of system-scoped credentials in Jenkins Dimensions Plugin | |||
| CVE-2023-32263 | unknown | — | — | 3y ago | Potential leak of credentials in Micro Focus Dimensions CM Jenkins Plugin | |||
| CVE-2023-32261 | unknown | — | — | 3y ago | Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs | |||
| CVE-2023-34034 | unknown | — | — | 3y ago | Access Control Bypass in Spring Security | |||
| CVE-2023-28754 | unknown | — | — | 3y ago | Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability | |||
| CVE-2023-0105 | unknown | — | — | 3y ago | Keycloak: Impersonation and lockout possible through incorrect handling of email trust | |||
| CVE-2023-37476 | unknown | — | — | 3y ago | OpenRefine vulnerable to zip slip in project import | |||
| CVE-2023-34035 | unknown | — | — | 3y ago | Spring Security's authorization rules can be misconfigured when using multiple servlets | |||
| CVE-2023-34036 | unknown | — | — | 3y ago | Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax | |||
| CVE-2023-26512 | unknown | — | — | 3y ago | rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message | |||
| CVE-2023-37462 | unknown | — | — | 3y ago | org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability |