CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 120 / 81
«« 先頭 « 前へ 1 / 5 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2022-25222 Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter. 9.8 1.62% 2022-03-23 2026-06-17
CVE-2022-25226 ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server. 10.0 11.03% 2022-04-18 2026-06-17
CVE-2022-41711 Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. 9.8 1.55% 2022-10-25 2026-06-17
CVE-2022-42744 CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks. 9.8 1.20% 2022-11-03 2026-06-17
CVE-2022-41705 Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. 9.8 1.81% 2022-11-25 2026-06-17
CVE-2022-45476 Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload. 9.8 0.95% 2022-11-25 2026-06-17
CVE-2023-1721 Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. 9.1 0.99% 2023-06-23 2026-06-17
CVE-2023-1722 Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. 9.1 0.36% 2023-06-23 2026-06-17
CVE-2023-2507 CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. 9.3 0.67% 2023-07-15 2026-06-17
CVE-2023-43013 Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. 9.8 0.71% 2023-09-28 2026-06-17
CVE-2023-5004 Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. 9.8 0.90% 2023-09-28 2026-06-17
CVE-2023-5053 Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. 9.8 0.90% 2023-09-28 2026-06-17
CVE-2023-5185 Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 9.1 1.20% 2023-09-28 2026-06-17
CVE-2023-43739 The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.80% 2023-09-28 2026-06-17
CVE-2023-44163 The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.80% 2023-09-28 2026-06-17
CVE-2023-44164 The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.80% 2023-09-28 2026-06-17
CVE-2023-44166 The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.80% 2023-09-28 2026-06-17
CVE-2023-44267 Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.68% 2023-10-26 2026-06-17
CVE-2023-45111 Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.70% 2023-11-01 2026-06-17
CVE-2023-45012 Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2023-11-01 2026-06-17
«« 先頭 « 前へ 1 / 5 次へ »
cvelogic Threat Intelligence