NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2022-25222 | Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter. | 9.8 | 1.62% | 2022-03-23 | 2026-06-17 |
| CVE-2022-25226 | ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server. | 10.0 | 11.03% | 2022-04-18 | 2026-06-17 |
| CVE-2022-41711 | Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | 9.8 | 1.55% | 2022-10-25 | 2026-06-17 |
| CVE-2022-42744 | CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks. | 9.8 | 1.20% | 2022-11-03 | 2026-06-17 |
| CVE-2022-41705 | Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | 9.8 | 1.81% | 2022-11-25 | 2026-06-17 |
| CVE-2022-45476 | Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload. | 9.8 | 0.95% | 2022-11-25 | 2026-06-17 |
| CVE-2023-1721 | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | 9.1 | 0.99% | 2023-06-23 | 2026-06-17 |
| CVE-2023-1722 | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | 9.1 | 0.36% | 2023-06-23 | 2026-06-17 |
| CVE-2023-2507 | CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. | 9.3 | 0.67% | 2023-07-15 | 2026-06-17 |
| CVE-2023-43013 | Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | 9.8 | 0.71% | 2023-09-28 | 2026-06-17 |
| CVE-2023-5004 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | 0.90% | 2023-09-28 | 2026-06-17 |
| CVE-2023-5053 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | 0.90% | 2023-09-28 | 2026-06-17 |
| CVE-2023-5185 | Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 9.1 | 1.20% | 2023-09-28 | 2026-06-17 |
| CVE-2023-43739 | The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.80% | 2023-09-28 | 2026-06-17 |
| CVE-2023-44163 | The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.80% | 2023-09-28 | 2026-06-17 |
| CVE-2023-44164 | The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.80% | 2023-09-28 | 2026-06-17 |
| CVE-2023-44166 | The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.80% | 2023-09-28 | 2026-06-17 |
| CVE-2023-44267 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.68% | 2023-10-26 | 2026-06-17 |
| CVE-2023-45111 | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-01 | 2026-06-17 |
| CVE-2023-45012 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2023-11-01 | 2026-06-17 |