NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2023-30787 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. | 5.4 | 0.64% | 2023-05-08 | 2026-06-17 |
| CVE-2023-30788 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter. | 5.4 | 0.64% | 2023-05-08 | 2026-06-17 |
| CVE-2023-30789 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. | 5.4 | 0.67% | 2023-05-08 | 2026-06-17 |
| CVE-2023-30790 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. | 5.4 | 0.64% | 2023-05-08 | 2026-06-17 |
| CVE-2023-30791 | Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. | 7.1 | 0.46% | 2023-07-15 | 2026-06-17 |
| CVE-2023-3550 | Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. | 7.3 | 1.15% | 2023-09-25 | 2026-06-17 |
| CVE-2023-3726 | OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. | 6.9 | 0.54% | 2024-01-04 | 2026-06-17 |
| CVE-2023-3891 | Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system | 7.3 | 0.27% | 2023-09-14 | 2026-06-17 |
| CVE-2023-4122 | Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 9.9 | 1.45% | 2023-12-07 | 2026-06-17 |
| CVE-2023-43013 | Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | 9.8 | 0.71% | 2023-09-28 | 2026-06-17 |
| CVE-2023-43014 | Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. | 8.8 | 0.65% | 2023-09-28 | 2026-06-17 |
| CVE-2023-4316 | Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails. | 7.5 | 0.76% | 2023-09-28 | 2026-06-17 |
| CVE-2023-43702 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | 0.43% | 2023-09-29 | 2026-06-17 |
| CVE-2023-43703 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | 0.43% | 2023-09-29 | 2026-06-17 |
| CVE-2023-43704 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | 0.43% | 2023-09-29 | 2026-06-17 |
| CVE-2023-43705 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | 0.43% | 2023-09-29 | 2026-06-17 |
| CVE-2023-43706 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | 0.43% | 2023-09-29 | 2026-06-17 |
| CVE-2023-43707 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name] " parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | 0.43% | 2023-09-29 | 2026-06-17 |
| CVE-2023-43708 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | 0.43% | 2023-09-29 | 2026-06-17 |
| CVE-2023-43709 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | 0.43% | 2023-09-29 | 2026-06-17 |