CVEs from 2023
- Total 6,211
- critical 239
- high 1,498
- medium 1,404
- low 30
- % Critical 3.8%
- % with KEV 2.6%
- % with exploit 3.4%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-23847 | unknown | — | — | 3y ago | CSRF vulnerability in Synopsys Jenkins Coverity Plugin | |||
| CVE-2023-23850 | unknown | — | — | 3y ago | Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions | |||
| CVE-2023-25763 | unknown | — | — | 3y ago | Cross-site Scripting in Jenkins Email Extension Plugin | |||
| CVE-2023-25762 | unknown | — | — | 3y ago | Cross-site Scripting in Jenkins Pipeline: Build Step Plugin | |||
| CVE-2023-25764 | unknown | — | — | 3y ago | Cross-site Scripting in Jenkins Email Extension Plugin | |||
| CVE-2023-25761 | unknown | — | — | 3y ago | Cross-site Scripting in Jenkins JUnit Plugin | |||
| CVE-2023-25766 | unknown | — | — | 3y ago | Missing Authorization in Jenkins Azure Credentials Plugin | |||
| CVE-2023-25767 | unknown | — | — | 3y ago | Cross-Site Request Forgery in Jenkins Azure Credentials Plugin | |||
| CVE-2023-25768 | unknown | — | — | 3y ago | Missing Authorization in Jenkins Azure Credentials Plugin | |||
| CVE-2023-25765 | unknown | — | — | 3y ago | Sandbox escape in Jenkins Email Extension Plugin | |||
| CVE-2023-30798 | unknown | — | — | 3y ago | There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause e… | |||
| CVE-2023-25141 | unknown | — | — | 3y ago | Command injection in Apache Sling | |||
| CVE-2023-24187 | unknown | — | — | 3y ago | XML External Entity Reference in ureport | |||
| CVE-2023-24188 | unknown | — | — | 3y ago | Arbitrary file deletion in ureport | |||
| CVE-2023-22832 | unknown | — | — | 3y ago | XML External Entity Reference in Apache NiFi | |||
| CVE-2023-24815 | unknown | — | — | 3y ago | StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route | |||
| CVE-2023-22849 | unknown | — | — | 3y ago | Sling App CMS Cross-site Scripting vulnerability | |||
| CVE-2023-0674 | unknown | — | — | 3y ago | Cross-Site Request Forgery in XXL Job | |||
| CVE-2023-24977 | unknown | — | — | 3y ago | Apache InLong contains Out-of-bounds Read vulnerability | |||
| CVE-2023-24162 | unknown | — | — | 3y ago | Dromara Hutool Deserialization of Untrusted Data vulnerability | |||
| CVE-2023-24163 | unknown | — | — | 3y ago | Dromara hutool vulnerable to SQL Injection | |||
| CVE-2023-24422 | unknown | — | — | 3y ago | Sandbox bypass in Jenkins Script Security Plugin | |||
| CVE-2023-24442 | unknown | — | — | 3y ago | Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin | |||
| CVE-2023-24440 | unknown | — | — | 3y ago | Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin | |||
| CVE-2023-24425 | unknown | — | — | 3y ago | Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin | |||
| CVE-2023-24443 | unknown | — | — | 3y ago | XML Entity Expansion in Jenkins TestComplete support Plugin | |||
| CVE-2023-24448 | unknown | — | — | 3y ago | Missing permission check in Jenkins RabbitMQ Consumer Plugin | |||
| CVE-2023-24445 | unknown | — | — | 3y ago | Open redirect vulnerability in Jenkins OpenID Plugin | |||
| CVE-2023-24434 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin | |||
| CVE-2023-24426 | unknown | — | — | 3y ago | Insufficient Session Expiration in Jenkins Azure AD Plugin | |||
| CVE-2023-24454 | unknown | — | — | 3y ago | Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin | |||
| CVE-2023-24456 | unknown | — | — | 3y ago | Session fixation vulnerability in Jenkins Keycloak Authentication Plugin | |||
| CVE-2023-24453 | unknown | — | — | 3y ago | Missing permission check in Jenkins TestQuality Updater Plugin | |||
| CVE-2023-24441 | unknown | — | — | 3y ago | XML external entity vulnerability on agents in Jenkins MSTest Plugin | |||
| CVE-2023-24438 | unknown | — | — | 3y ago | Missing permissions check in Jenkins JIRA Pipeline Steps Plugin | |||
| CVE-2023-24423 | unknown | — | — | 3y ago | Cross-site request forgery in Jenkins Gerrit Trigger Plugin | |||
| CVE-2023-24446 | unknown | — | — | 3y ago | Cross-site request forgery vulnerability in Jenkins OpenID Plugin | |||
| CVE-2023-24449 | unknown | — | — | 3y ago | Path traversal vulnerability in Jenkins PWauth Security Realm Plugin | |||
| CVE-2023-24428 | unknown | — | — | 3y ago | Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin | |||
| CVE-2023-24450 | unknown | — | — | 3y ago | Passwords stored in plain text by Jenkins view-cloner Plugin | |||
| CVE-2023-24439 | unknown | — | — | 3y ago | Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin | |||
| CVE-2023-24427 | unknown | — | — | 3y ago | Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin | |||
| CVE-2023-24429 | unknown | — | — | 3y ago | Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin | |||
| CVE-2023-24444 | unknown | — | — | 3y ago | Session fixation vulnerability in Jenkins OpenID Plugin | |||
| CVE-2023-24433 | unknown | — | — | 3y ago | Missing permission checks in Jenkins Orka Plugin allow capturing credentials | |||
| CVE-2023-24455 | unknown | — | — | 3y ago | Path Traversal in Jenkins visualexpert Plugin | |||
| CVE-2023-24430 | unknown | — | — | 3y ago | XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin | |||
| CVE-2023-24436 | unknown | — | — | 3y ago | Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs | |||
| CVE-2023-24451 | unknown | — | — | 3y ago | Cisco Spark Notifier Jenkins Plugin contains Missing Authorization | |||
| CVE-2023-24431 | unknown | — | — | 3y ago | Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs | |||
| CVE-2023-24447 | unknown | — | — | 3y ago | Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin | |||
| CVE-2023-24424 | unknown | — | — | 3y ago | Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin | |||
| CVE-2023-24452 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins TestQuality Updater Plugin | |||
| CVE-2023-24435 | unknown | — | — | 3y ago | Missing permission checks in Jenkins GitHub Pull Request Builder Plugin | |||
| CVE-2023-24432 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials | |||
| CVE-2023-24437 | unknown | — | — | 3y ago | Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin | |||
| CVE-2023-24457 | unknown | — | — | 3y ago | CSRF vulnerability in Jenkins Keycloak Authentication Plugin | |||
| CVE-2023-24459 | unknown | — | — | 3y ago | Missing permission check in Jenkins BearyChat Plugin | |||
| CVE-2023-24458 | unknown | — | — | 3y ago | Cross-site request forgery vulnerability in Jenkins BearyChat Plugin | |||
| CVE-2023-23613 | unknown | — | — | 3y ago | Field-level security issue with .keyword fields in OpenSearch | |||
| CVE-2023-23612 | unknown | — | — | 3y ago | Issue with whitespace in JWT roles in OpenSearch | |||
| CVE-2023-24057 | unknown | — | — | 3y ago | MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core` | |||
| CVE-2023-22742 | unknown | — | — | 3y ago | libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versio… | |||
| CVE-2023-22602 | unknown | — | — | 3y ago | Apache Shiro Interpretation Conflict vulnerability | |||
| CVE-2023-0091 | unknown | — | — | 3y ago | Keycloak has lack of validation of access token on client registrations endpoint | |||
| CVE-2023-22899 | unknown | — | — | 3y ago | Zip4j Origin Validation Error | |||
| CVE-2023-22465 | unknown | — | — | 3y ago | Http4s improperly parses User-Agent and Server headers | |||
| CVE-2023-22457 | unknown | — | — | 3y ago | XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery | |||
| CVE-2023-22466 | unknown | — | — | 4y ago | Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` … |