CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 81100 / 396
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2023-30787 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. 5.4 0.64% 2023-05-08 2026-06-17
CVE-2023-30788 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter. 5.4 0.64% 2023-05-08 2026-06-17
CVE-2023-30789 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. 5.4 0.67% 2023-05-08 2026-06-17
CVE-2023-30790 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. 5.4 0.64% 2023-05-08 2026-06-17
CVE-2023-30791 Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. 7.1 0.46% 2023-07-15 2026-06-17
CVE-2023-3550 Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. 7.3 1.15% 2023-09-25 2026-06-17
CVE-2023-3726 OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. 6.9 0.54% 2024-01-04 2026-06-17
CVE-2023-3891 Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system 7.3 0.27% 2023-09-14 2026-06-17
CVE-2023-4122 Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 9.9 1.45% 2023-12-07 2026-06-17
CVE-2023-43013 Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. 9.8 0.71% 2023-09-28 2026-06-17
CVE-2023-43014 Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. 8.8 0.65% 2023-09-28 2026-06-17
CVE-2023-4316 Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails. 7.5 0.76% 2023-09-28 2026-06-17
CVE-2023-43702 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43703 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43704 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43705 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43706 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43707 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name] " parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43708 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43709 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
cvelogic Threat Intelligence