NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2024-1651 | Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization. | 10.0 | 80.59% | 2024-02-20 | 2025-02-12 |
| CVE-2022-25226 | ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server. | 10.0 | 81.89% | 2022-04-18 | 2024-11-21 |
| CVE-2024-1644 | Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI. | 9.9 | 0.24% | 2024-02-20 | 2024-12-31 |
| CVE-2023-4122 | Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 9.9 | 1.45% | 2023-12-07 | 2024-11-21 |
| CVE-2023-50867 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50866 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50865 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50864 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50863 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50862 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50753 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50752 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.08% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50743 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-5053 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | 0.05% | 2023-09-28 | 2024-11-21 |
| CVE-2023-5008 | Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | 9.8 | 0.03% | 2023-12-08 | 2024-11-21 |
| CVE-2023-5004 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | 0.05% | 2023-09-28 | 2024-11-21 |
| CVE-2023-49689 | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.15% | 2023-12-22 | 2024-11-21 |
| CVE-2023-49688 | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.15% | 2023-12-22 | 2024-11-21 |
| CVE-2023-49681 | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.15% | 2023-12-21 | 2024-11-21 |
| CVE-2023-49677 | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.14% | 2023-12-21 | 2024-11-21 |