Top 10 CVEs of 2023
Six data-derived top-10 lists for CVEs published or KEV-added in 2023. No editorial scoring; everything below is computed directly from the ingested corpus.
Top 10 most severe CVEs of 2023
Ranked by CVSS v3 base score, descending. Ties broken by KEV status, then EPSS score, then publish date.
| # | CVE | Severity | CVSS | KEV | Summary |
|---|---|---|---|---|---|
| 1 | CVE-2023-46604 | Critical | 10.0 | KEV | The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. |
| 2 | CVE-2023-20198 | Critical | 10.0 | KEV | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. |
| 3 | CVE-2023-7028 | Critical | 10.0 | KEV | An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which… |
| 4 | CVE-2023-40044 | Critical | 10.0 | KEV | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. |
| 5 | CVE-2023-49103 | Critical | 10.0 | KEV | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. |
| 6 | CVE-2023-41892 | Critical | 10.0 | — | Craft CMS is a platform for creating digital experiences. |
| 7 | CVE-2023-46731 | Critical | 10.0 | — | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. |
| 8 | CVE-2023-26477 | Critical | 10.0 | — | XWiki Platform is a generic wiki platform. |
| 9 | CVE-2023-27482 | Critical | 10.0 | — | homeassistant is an open source home automation tool. |
| 10 | CVE-2023-2825 | Critical | 10.0 | — | An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. |
Top 10 actively exploited CVEs of 2023
CVEs added to the CISA Known Exploited Vulnerabilities catalog during the year, newest first. Empty for pre-2021 years.
| # | CVE | Severity | CVSS | KEV | Added | Summary |
|---|---|---|---|---|---|---|
| 1 | CVE-2023-47565 | High | 8.0 | KEV | 2023-12-21 | An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. |
| 2 | CVE-2023-49897 | High | 8.8 | KEV | 2023-12-21 | An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. |
| 3 | CVE-2023-6448 | Critical | 9.8 | KEV | 2023-12-11 | Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. |
| 4 | CVE-2023-41266 | High | 8.2 | KEV | 2023-12-07 | A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unau… |
| 5 | CVE-2023-41265 | Critical | 9.6 | KEV | 2023-12-07 | An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allow… |
| 6 | CVE-2023-33107 | High | 8.4 | KEV | 2023-12-05 | Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. |
| 7 | CVE-2023-33106 | High | 8.4 | KEV | 2023-12-05 | Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. |
| 8 | CVE-2023-33063 | High | 7.8 | KEV | 2023-12-05 | Memory corruption in DSP Services during a remote call from HLOS to DSP. |
| 9 | CVE-2022-22071 | High | 8.4 | KEV | 2023-12-05 | Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IO… |
| 10 | CVE-2023-42917 | High | 8.8 | KEV | 2023-12-04 | A memory corruption vulnerability was addressed with improved locking. |
Top 10 highest-EPSS CVEs of 2023
FIRST.org Exploit Prediction Scoring System scores, descending. EPSS estimates the probability a CVE will be exploited in the next 30 days.
| # | CVE | Severity | CVSS | KEV | EPSS | Summary |
|---|---|---|---|---|---|---|
| 1 | CVE-2023-22518 | Critical | 9.8 | KEV | 1.000 | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. |
| 2 | CVE-2023-44487 | High | 7.5 | KEV | 1.000 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| 3 | CVE-2023-35082 | Critical | 9.8 | KEV | 1.000 | An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. |
| 4 | CVE-2023-0669 | High | 7.2 | KEV | 1.000 | Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. |
| 5 | CVE-2023-35078 | Critical | 9.8 | KEV | 1.000 | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. |
| 6 | CVE-2023-4966 | Critical | 9.4 | KEV | 1.000 | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. |
| 7 | CVE-2023-27350 | Critical | 9.8 | KEV | 1.000 | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). |
| 8 | CVE-2023-1671 | Critical | 9.8 | KEV | 1.000 | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. |
| 9 | CVE-2023-1389 | High | 8.8 | KEV | 1.000 | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. |
| 10 | CVE-2023-32315 | High | 8.6 | KEV | 1.000 | Openfire is an XMPP server licensed under the Open Source Apache License. |
Top 10 most PoC-covered CVEs of 2023
Ranked by the count of indexed public proof-of-concept repositories. Higher counts correlate with weaponisation effort.
| # | CVE | Severity | CVSS | KEV | PoCs | Summary |
|---|---|---|---|---|---|---|
| 1 | CVE-2023-23752 | Medium | 5.3 | KEV | 195 | An issue was discovered in Joomla! |
| 2 | CVE-2023-1234 | Medium | 4.3 | — | 189 | Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| 3 | CVE-2023-38831 | High | 7.8 | KEV | 167 | RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. |
| 4 | CVE-2023-44487 | High | 7.5 | KEV | 141 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| 5 | CVE-2023-22515 | Critical | 9.8 | KEV | 136 | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauth… |
| 6 | CVE-2023-23397 | Critical | 9.8 | KEV | 127 | Microsoft Outlook Elevation of Privilege Vulnerability |
| 7 | CVE-2023-7028 | Critical | 10.0 | KEV | 126 | An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which… |
| 8 | CVE-2023-0001 | Medium | 6.0 | — | 116 | An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute pri… |
| 9 | CVE-2023-20198 | Critical | 10.0 | KEV | 109 | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. |
| 10 | CVE-2023-46604 | Critical | 10.0 | KEV | 106 | The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. |
Top 10 most-vulnerable vendors of 2023
Vendors ranked by distinct CVE count for the year. Counts include every CVE attached to any product the vendor ships in our CPE map.
| # | Vendor | CVE count |
|---|---|---|
| 1 | N/a | 7175 |
| 2 | Linux | 2212 |
| 3 | Microsoft | 1836 |
| 4 | | 1546 |
| 5 | Apple | 982 |
| 6 | Unknown | 827 |
| 7 | Adobe | 633 |
| 8 | Fedoraproject | 566 |
| 9 | IBM | 529 |
| 10 | Debian | 523 |
Top 10 most-common CWEs of 2023
CWE classification ids ranked by the count of CVEs published in the year that carry them. Each CVE typically lists 1–3 CWE ids, and a CVE carrying several ids is counted once under each of them, so the counts below sum to more than the number of CVEs in the year's corpus.
| # | CWE | Name | CVE count |
|---|---|---|---|
| 1 | CWE-79 | Cross-site Scripting | 4711 |
| 2 | CWE-787 | Out-of-bounds Write | 2101 |
| 3 | CWE-89 | SQL Injection | 1861 |
| 4 | CWE-862 | Missing Authorization | 1228 |
| 5 | CWE-352 | Cross-Site Request Forgery (CSRF) | 1184 |
| 6 | CWE-125 | Out-of-bounds Read | 1012 |
| 7 | CWE-416 | Use After Free | 809 |
| 8 | CWE-20 | Improper Input Validation | 796 |
| 9 | CWE-22 | Path Traversal | 781 |
| 10 | CWE-78 | OS Command Injection | 617 |