CVEs from 2023
- Total: 6,213
- Critical: 239
- High: 1,498
- Medium: 1,404
- Low: 30
- % Critical: 3.8%
- % with KEV: 2.6%
- % with exploit: 3.4%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-35839 | unknown | — | — | | | | 3y ago | Solon vulnerable to deserialization of untrusted data |
| CVE-2023-3308 | unknown | — | — | | | | 3y ago | Whaleal IceFrog is vulnerable to deserialization |
| CVE-2023-34660 | unknown | — | — | | | | 3y ago | jeecg-boot unrestricted file upload vulnerability |
| CVE-2023-34659 | unknown | — | — | | | | 3y ago | jeecg-boot SQL injection vulnerability |
| CVE-2023-34455 | unknown | — | — | | | | 3y ago | snappy-java's unchecked chunk length leads to DoS |
| CVE-2023-34454 | unknown | — | — | | | | 3y ago | snappy-java's Integer Overflow vulnerability in compress leads to DoS |
| CVE-2023-34453 | unknown | — | — | | | | 3y ago | snappy-java's Integer Overflow vulnerability in shuffle leads to DoS |
| CVE-2023-3276 | unknown | — | — | | | | 3y ago | HuTool XML parsing module has blind XXE vulnerability |
| CVE-2023-35030 | unknown | — | — | | | | 3y ago | Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module |
| CVE-2023-3193 | unknown | — | — | | | | 3y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module |
| CVE-2023-2976 | unknown | — | — | | | | 3y ago | Guava vulnerable to insecure use of temporary directory |
| CVE-2023-35110 | unknown | — | — | | | | 3y ago | jjson vulnerable to stack exhaustion |
| CVE-2023-34612 | unknown | — | — | | | | 3y ago | ph-json vulnerable to stack exhaustion |
| CVE-2023-34616 | unknown | — | — | | | | 3y ago | pbjson vulnerable to stack exhaustion |
| CVE-2023-34613 | unknown | — | — | | | | 3y ago | sojo vulnerable to stack exhaustion |
| CVE-2023-34610 | unknown | — | — | | | | 3y ago | json-io vulnerable to stack exhaustion |
| CVE-2023-34614 | unknown | — | — | | | | 3y ago | jsonij vulnerable to stack exhaustion |
| CVE-2023-34615 | unknown | — | — | | | | 3y ago | JSONUtil vulnerable to stack exhaustion |
| CVE-2023-34617 | unknown | — | — | | | | 3y ago | genson vulnerable to stack exhaustion |
| CVE-2023-34624 | unknown | — | — | | | | 3y ago | htmlcleaner vulnerable to stack exhaustion |
| CVE-2023-35143 | unknown | — | — | | | | 3y ago | Stored XSS vulnerability in Jenkins Maven Repository Server Plugin |
| CVE-2023-35145 | unknown | — | — | | | | 3y ago | Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting |
| CVE-2023-35148 | unknown | — | — | | | | 3y ago | Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery |
| CVE-2023-35142 | unknown | — | — | | | | 3y ago | SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin |
| CVE-2023-35144 | unknown | — | — | | | | 3y ago | Stored XSS vulnerability in Jenkins Maven Repository Server Plugin |
| CVE-2023-35147 | unknown | — | — | | | | 3y ago | Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin |
| CVE-2023-35149 | unknown | — | — | | | | 3y ago | Jenkins Digital.ai App Management Publisher Plugin missing permission checks |
| CVE-2023-35146 | unknown | — | — | | | | 3y ago | Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting |
| CVE-2023-35141 | unknown | — | — | | | | 3y ago | Jenkins CSRF protection bypass vulnerability |
| CVE-2023-34149 | unknown | — | — | | | | 3y ago | Apache Struts vulnerable to memory exhaustion |
| CVE-2023-34396 | unknown | — | — | | | | 3y ago | Apache Struts vulnerable to memory exhaustion |
| CVE-2023-33695 | unknown | — | — | | | | 3y ago | Insecure Temporary File in HuTool |
| CVE-2023-34212 | unknown | — | — | | | | 3y ago | Apache NiFi vulnerable to Deserialization of Untrusted Data |
| CVE-2023-35042 | unknown | — | — | | | | 3y ago | GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language |
| CVE-2023-3163 | unknown | — | — | | | | 3y ago | RuoYi Uncontrolled Resource Consumption vulnerability |
| CVE-2023-33510 | unknown | — | — | | | | 3y ago | Jeecg P3 Biz Chat allows remote attackers to read arbitrary files |
| CVE-2023-33496 | unknown | — | — | | | | 3y ago | xxl-rpc deserialization vulnerability |
| CVE-2023-33962 | unknown | — | — | | | | 3y ago | JStachio XSS vulnerability: Unescaped single quotes |
| CVE-2023-32310 | unknown | — | — | | | | 3y ago | DataEase API interface has IDOR vulnerability |
| CVE-2023-33546 | unknown | — | — | | | | 3y ago | janino vulnerable to denial of service due to stack overflow |
| CVE-2023-33544 | unknown | — | — | | | | 3y ago | hawtio vulnerable to Path Traversal |
| CVE-2023-1521 | unknown | — | — | | | | 3y ago | On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (… |
| CVE-2023-33199 | unknown | — | — | | | | 3y ago | Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a pan… |
| CVE-2023-20883 | unknown | — | — | | | | 3y ago | Spring Boot Welcome Page Denial of Service |
| CVE-2023-33779 | unknown | — | — | | | | 3y ago | Privilege escalation in XXL-Job |
| CVE-2023-2798 | unknown | — | — | | | | 3y ago | Unrestricted recursion in htmlunit |
| CVE-2023-33948 | unknown | — | — | | | | 3y ago | Missing authorization in Liferay portal |
| CVE-2023-33945 | unknown | — | — | | | | 3y ago | SQL injection in Liferay Portal |
| CVE-2023-33949 | unknown | — | — | | | | 3y ago | Insecure Default Initialization In Liferay Portal |
| CVE-2023-33950 | unknown | — | — | | | | 3y ago | Liferay Portal has Inefficient Regular Expression |
| CVE-2023-33946 | unknown | — | — | | | | 3y ago | Liferay portal unauthorized access to objects via OAuth 2 scope |
| CVE-2023-33947 | unknown | — | — | | | | 3y ago | Liferay portal has unauthorized access to object definition via search |
| CVE-2023-33944 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33940 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33938 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33942 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33941 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33943 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33939 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-33937 | unknown | — | — | | | | 3y ago | Cross-site scripting in Liferay Portal |
| CVE-2023-32697 | unknown | — | — | | | | 3y ago | Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled |
| CVE-2023-31826 | unknown | — | — | | | | 3y ago | Command injection in nevado-jms |
| CVE-2023-31101 | unknown | — | — | | | | 3y ago | User data exposure in Apache InLong |
| CVE-2023-33264 | unknown | — | — | | | | 3y ago | Hazelcast vulnerable to unmasked password exposure |
| CVE-2023-29159 | unknown | — | — | | | | 3y ago | Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. |
| CVE-2023-31544 | unknown | — | — | | | | 3y ago | alkacon-OpenCMS vulnerable to stored Cross-site Scripting |
| CVE-2023-2631 | unknown | — | — | | | | 3y ago | Jenkins Code Dx Plugin missing permission checks |
| CVE-2023-2195 | unknown | — | — | | | | 3y ago | Jenkins Code Dx Plugin cross-site request forgery vulnerability |
| CVE-2023-2633 | unknown | — | — | | | | 3y ago | Jenkins Code Dx Plugin displays API keys in plain text |
| CVE-2023-32982 | unknown | — | — | | | | 3y ago | Jenkins Ansible Plugin stores and displays secrets in plain text |
| CVE-2023-33000 | unknown | — | — | | | | 3y ago | Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking |
| CVE-2023-33004 | unknown | — | — | | | | 3y ago | Jenkins Tag Profiler Plugin missing permission check |
| CVE-2023-32995 | unknown | — | — | | | | 3y ago | Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability |
| CVE-2023-32992 | unknown | — | — | | | | 3y ago | Jenkins SAML Single Sign On(SSO) Plugin missing permission checks |
| CVE-2023-32978 | unknown | — | — | | | | 3y ago | Jenkins LDAP Plugin vulnerable to Cross-Site Request Forgery |
| CVE-2023-33003 | unknown | — | — | | | | 3y ago | Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery |
| CVE-2023-32984 | unknown | — | — | | | | 3y ago | Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability |
| CVE-2023-32977 | unknown | — | — | | | | 3y ago | Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting |
| CVE-2023-33001 | unknown | — | — | | | | 3y ago | Jenkins HashiCorp Vault Plugin has improper masking of credentials |
| CVE-2023-32989 | unknown | — | — | | | | 3y ago | Jenkins Azure VM Agents Plugin Cross-site Request Forgery vulnerability |
| CVE-2023-32988 | unknown | — | — | | | | 3y ago | Jenkins Azure VM Agents Plugin missing permission checks |
| CVE-2023-33006 | unknown | — | — | | | | 3y ago | Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability |
| CVE-2023-32994 | unknown | — | — | | | | 3y ago | Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation |
| CVE-2023-2196 | unknown | — | — | | | | 3y ago | Jenkins Code Dx Plugin missing permission checks |
| CVE-2023-2632 | unknown | — | — | | | | 3y ago | Jenkins Code Dx Plugin stores API keys in plain text |
| CVE-2023-32979 | unknown | — | — | | | | 3y ago | Jenkins Email Extension Plugin missing permission check |
| CVE-2023-32998 | unknown | — | — | | | | 3y ago | Jenkins AppSpider Plugin Cross-Site Request Forgery vulnerability |
| CVE-2023-32987 | unknown | — | — | | | | 3y ago | Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability |
| CVE-2023-32993 | unknown | — | — | | | | 3y ago | Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation |
| CVE-2023-33007 | unknown | — | — | | | | 3y ago | Jenkins LoadComplete support Plugin Cross-site Scripting vulnerability |
| CVE-2023-32983 | unknown | — | — | | | | 3y ago | Jenkins Ansible Plugin job configuration form does not mask variables |
| CVE-2023-32981 | unknown | — | — | | | | 3y ago | Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability |
| CVE-2023-32996 | unknown | — | — | | | | 3y ago | Jenkins SAML Single Sign On(SSO) Plugin missing permission checks |
| CVE-2023-33005 | unknown | — | — | | | | 3y ago | Jenkins WSO2 Oauth Plugin Session Fixation vulnerability |
| CVE-2023-32991 | unknown | — | — | | | | 3y ago | Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability |
| CVE-2023-33002 | unknown | — | — | | | | 3y ago | TestComplete support Plugin vulnerable to stored Cross-site Scripting |
| CVE-2023-32985 | unknown | — | — | | | | 3y ago | Jenkins Sidebar Link Plugin vulnerable to Path Traversal |
| CVE-2023-32990 | unknown | — | — | | | | 3y ago | Jenkins Azure VM Agents Plugin missing permission checks |
| CVE-2023-32980 | unknown | — | — | | | | 3y ago | Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability |
| CVE-2023-32986 | unknown | — | — | | | | 3y ago | Jenkins File Parameter Plugin arbitrary file write vulnerability |