CVEs from 2023

Total: 6,211
- critical: 239
- high: 1,498
- medium: 1,404
- low: 30
- % Critical: 3.8%
- % with KEV: 2.6%
- % with exploit: 3.4%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-29014 | unknown | — | — | 3y ago | Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter | |||
| CVE-2023-29015 | unknown | — | — | 3y ago | Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments | |||
| CVE-2023-29016 | unknown | — | — | 3y ago | Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames | |||
| CVE-2023-25330 | unknown | — | — | 3y ago | MyBatis-Plus vulnerable to SQL injection via TenantPlugin | |||
| CVE-2023-28840 | unknown | — | — | 3y ago | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon componen… | |||
| CVE-2023-28841 | unknown | — | — | 3y ago | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon componen… | |||
| CVE-2023-28842 | unknown | — | — | 3y ago | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon compone… | |||
| CVE-2023-26269 | unknown | — | — | 3y ago | Apache James server's JMX management service vulnerable to privilege escalation by local user | |||
| CVE-2023-28677 | unknown | — | — | 3y ago | Jenkins Convert To Pipeline Plugin vulnerable to command injection | |||
| CVE-2023-28674 | unknown | — | — | 3y ago | Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery | |||
| CVE-2023-28680 | unknown | — | — | 3y ago | Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks | |||
| CVE-2023-28671 | unknown | — | — | 3y ago | Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery | |||
| CVE-2023-28678 | unknown | — | — | 3y ago | Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS) | |||
| CVE-2023-28672 | unknown | — | — | 3y ago | Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture | |||
| CVE-2023-28668 | unknown | — | — | 3y ago | Jenkins Role-based Authorization Strategy Plugin grants permissions even after they’ve been disabled | |||
| CVE-2023-28669 | unknown | — | — | 3y ago | Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting | |||
| CVE-2023-28681 | unknown | — | — | 3y ago | Jenkins Visual Studio Code Metrics Plugin vulnerable to XML external entity (XXE) attacks | |||
| CVE-2023-28679 | unknown | — | — | 3y ago | Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting | |||
| CVE-2023-28676 | unknown | — | — | 3y ago | Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery | |||
| CVE-2023-28675 | unknown | — | — | 3y ago | Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections | |||
| CVE-2023-28673 | unknown | — | — | 3y ago | Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration | |||
| CVE-2023-28670 | unknown | — | — | 3y ago | Jenkins Pipeline Aggregator View Plugin vulnerable to Cross-site Scripting | |||
| CVE-2023-28682 | unknown | — | — | 3y ago | Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks | |||
| CVE-2023-28683 | unknown | — | — | 3y ago | Jenkins Phabricator Differential Plugin vulnerable to XML external entity (XXE) attacks | |||
| CVE-2023-28684 | unknown | — | — | 3y ago | Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks | |||
| CVE-2023-27025 | unknown | — | — | 3y ago | RuoYi vulnerable to arbitrary file download | |||
| CVE-2023-27162 | unknown | — | — | 3y ago | OpenAPI Generator vulnerable to Server-Side Request Forgery | |||
| CVE-2023-1784 | unknown | — | — | 3y ago | jeecg-boot vulnerable to improper authentication | |||
| CVE-2023-28462 | unknown | — | — | 3y ago | Payara Server allows remote attackers to load malicious code on the server once a JNDI directory scan is performed | |||
| CVE-2023-28935 | unknown | — | — | 3y ago | Apache UIMA DUCC allows remote code execution | |||
| CVE-2023-28158 | unknown | — | — | 3y ago | Apache Archiva vulnerable to privilege escalation via stored cross-site scripting (XSS) | |||
| CVE-2023-25722 | unknown | — | — | 3y ago | Veracode Scan Jenkins Plugin vulnerable to information disclosure | |||
| CVE-2023-25721 | unknown | — | — | 3y ago | Veracode Scan Jenkins Plugin vulnerable to information disclosure | |||
| CVE-2023-28326 | unknown | — | — | 3y ago | Apache OpenMeetings missing authentication and can allow user impersonation | |||
| CVE-2023-20860 | unknown | — | — | 3y ago | Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch | |||
| CVE-2023-28628 | unknown | — | — | 3y ago | lambdaisland/uri `authority-regex` returns the wrong authority | |||
| CVE-2023-28640 | unknown | — | — | 3y ago | Apiman vulnerable to permissions bypass due to missing check on API key URL | |||
| CVE-2023-27096 | unknown | — | — | 3y ago | Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module | |||
| CVE-2023-27296 | unknown | — | — | 3y ago | Apache InLong vulnerable to JDBC Deserialization of Untrusted Data | |||
| CVE-2023-28867 | unknown | — | — | 3y ago | GraphQL Java vulnerable to stack consumption | |||
| CVE-2023-20859 | unknown | — | — | 3y ago | Spring Vault vulnerable to insertion of sensitive information into a log file | |||
| CVE-2023-20861 | unknown | — | — | 3y ago | Spring Framework vulnerable to denial of service via specially crafted SpEL expression | |||
| CVE-2023-1370 | unknown | — | — | 3y ago | json-smart Uncontrolled Recursion vulnerability | |||
| CVE-2023-27094 | unknown | — | — | 3y ago | Hippo4j privilege escalation issue | |||
| CVE-2023-0870 | unknown | — | — | 3y ago | OpenNMS Meridian and Horizon vulnerable to Cross-Site Request Forgery | |||
| CVE-2023-1436 | unknown | — | — | 3y ago | Jettison vulnerable to infinite recursion | |||
| CVE-2023-27087 | unknown | — | — | 3y ago | Xuxueli xxl-job allows attacker to obtain sensitive information via the pageList parameter | |||
| CVE-2023-28118 | unknown | — | — | 3y ago | kaml has potential denial of service while parsing input with anchors and aliases | |||
| CVE-2023-26513 | unknown | — | — | 3y ago | Apache Sling Resource Merger has Excessive Iteration vulnerability | |||
| CVE-2023-1454 | unknown | — | — | 3y ago | jeecg-boot SQL Injection vulnerability | |||
| CVE-2023-27095 | unknown | — | — | 3y ago | Exposure of Sensitive Information in OpenGoofy Hippo4j | |||
| CVE-2023-0100 | unknown | — | — | 3y ago | Improper Input Validation In Eclipse BIRT | |||
| CVE-2023-24535 | unknown | — | — | 3y ago | Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a… | |||
| CVE-2023-24279 | unknown | — | — | 3y ago | ONOS vulnerable to reflected cross-site scripting | |||
| CVE-2023-28465 | unknown | — | — | 3y ago | HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057 | |||
| CVE-2023-27901 | unknown | — | — | 3y ago | Denial of service in Jenkins Core | |||
| CVE-2023-27903 | unknown | — | — | 3y ago | Incorrect Authorization in Jenkins Core | |||
| CVE-2023-27902 | unknown | — | — | 3y ago | Incorrect Permission Preservation in Jenkins Core | |||
| CVE-2023-27905 | unknown | — | — | 3y ago | Cross site scripting vulnerability in update-center2 | |||
| CVE-2023-27904 | unknown | — | — | 3y ago | Information disclosure through error stack traces related to agents | |||
| CVE-2023-27898 | unknown | — | — | 3y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2023-27900 | unknown | — | — | 3y ago | Denial of service in Jenkins Core | |||
| CVE-2023-27899 | unknown | — | — | 3y ago | Incorrect Authorization in Jenkins Core | |||
| CVE-2023-26464 | unknown | — | — | 3y ago | Apache Log4j 1.x (EOL) allows Denial of Service (DoS) | |||
| CVE-2023-27480 | unknown | — | — | 3y ago | XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference | |||
| CVE-2023-27479 | unknown | — | — | 3y ago | org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection | |||
| CVE-2023-23638 | unknown | — | — | 3y ago | Apache Dubbo vulnerable to Deserialization of Untrusted Data | |||
| CVE-2023-25806 | unknown | — | — | 3y ago | OpenSearch has time discrepancy in authentication responses | |||
| CVE-2023-24789 | unknown | — | — | 3y ago | jeecg-boot contains SQL Injection vulnerability | |||
| CVE-2023-26056 | unknown | — | — | 3y ago | xwiki contains Incorrect Authorization | |||
| CVE-2023-26480 | unknown | — | — | 3y ago | XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data | |||
| CVE-2023-26479 | unknown | — | — | 3y ago | xwiki vulnerable to Improper Handling of Exceptional Conditions | |||
| CVE-2023-26478 | unknown | — | — | 3y ago | xwiki contains Exposed Dangerous Method or Function | |||
| CVE-2023-26477 | unknown | — | — | 3y ago | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | |||
| CVE-2023-26470 | unknown | — | — | 3y ago | XWiki Platform subject to Uncontrolled Resource Consumption | |||
| CVE-2023-26471 | unknown | — | — | 3y ago | XWiki Platform users may execute anything with superadmin right through comments and async macro | |||
| CVE-2023-26055 | unknown | — | — | 3y ago | XWiki Platform may allow privilege escalation to programming rights via user's first name | |||
| CVE-2023-26472 | unknown | — | — | 3y ago | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile | |||
| CVE-2023-26474 | unknown | — | — | 3y ago | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | |||
| CVE-2023-26476 | unknown | — | — | 3y ago | XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor | |||
| CVE-2023-26473 | unknown | — | — | 3y ago | Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm | |||
| CVE-2023-0264 | unknown | — | — | 3y ago | Keycloak vulnerable to user impersonation via stolen UUID code | |||
| CVE-2023-26475 | unknown | — | — | 3y ago | xwiki-platform vulnerable to Remote Code Execution in Annotations | |||
| CVE-2023-0481 | unknown | — | — | 3y ago | RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions | |||
| CVE-2023-0044 | unknown | — | — | 3y ago | Cross-site Scripting in Quarkus | |||
| CVE-2023-0815 | unknown | — | — | 3y ago | OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability | |||
| CVE-2023-0869 | unknown | — | — | 3y ago | Cross Site Scripting in OpenNMS | |||
| CVE-2023-0867 | unknown | — | — | 3y ago | OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting | |||
| CVE-2023-0868 | unknown | — | — | 3y ago | OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting | |||
| CVE-2023-25621 | unknown | — | — | 3y ago | Improper Privilege Management in Apache Sling | |||
| CVE-2023-26302 | unknown | — | — | 3y ago | Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. | |||
| CVE-2023-26303 | unknown | — | — | 3y ago | Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. | |||
| CVE-2023-25570 | unknown | — | — | 3y ago | Apollo has potential access control security issue in eureka | |||
| CVE-2023-25569 | unknown | — | — | 3y ago | apollo-portal has potential CSRF issue | |||
| CVE-2023-0846 | unknown | — | — | 3y ago | OpenNMS Horizon and Meridian vulnerable to Cross-site Scripting | |||
| CVE-2023-25158 | unknown | — | — | 3y ago | GeoTools OGC Filter SQL Injection Vulnerabilities | |||
| CVE-2023-25157 | unknown | — | — | 3y ago | GeoServer OGC Filter SQL Injection Vulnerabilities | |||
| CVE-2023-25613 | unknown | — | — | 3y ago | Apache Kerby LdapIdentityBackend LDAP Injection vulnerability | |||
| CVE-2023-23926 | unknown | — | — | 3y ago | XML External Entity (XXE) vulnerability in apoc.import.graphml | |||
| CVE-2023-23847 | unknown | — | — | 3y ago | CSRF vulnerability in Synopsys Jenkins Coverity Plugin |