CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 6180 / 395
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2023-46791 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 該当なし 0.04% 2023-12-21 2024-01-02
CVE-2023-46792 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 該当なし 0.04% 2023-11-07 2024-01-02
CVE-2023-46794 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 該当なし 0.04% 2023-11-07 2024-01-02
CVE-2023-46795 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 該当なし 0.04% 2023-11-07 2024-01-02
CVE-2023-46796 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 該当なし 0.04% 2023-11-07 2024-01-02
CVE-2023-46797 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 該当なし 0.04% 2023-11-07 2024-01-02
CVE-2023-46798 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 該当なし 0.04% 2023-11-07 2024-01-02
CVE-2023-46799 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 該当なし 0.04% 2023-11-07 2024-01-02
CVE-2024-1216 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 該当なし 0.04% 2024-02-13 2024-03-20
CVE-2026-3126 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 該当なし 該当なし 2026-03-25 2026-03-25
CVE-2022-0698 Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. 6.1 0.68% 2022-11-25 2026-06-17
CVE-2022-1716 Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. 4.6 0.41% 2022-06-02 2026-06-17
CVE-2022-1955 Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. 4.6 0.35% 2022-06-30 2026-06-17
CVE-2022-1959 AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations. 6.6 0.42% 2022-09-30 2026-06-17
CVE-2022-22700 CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant. 5.3 1.08% 2022-03-03 2026-06-17
CVE-2022-22701 PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files. 6.5 1.02% 2022-01-10 2026-06-17
CVE-2022-22702 PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration. 4.3 0.71% 2022-01-10 2026-06-17
CVE-2022-23043 Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server. 7.2 1.44% 2022-02-24 2026-06-17
CVE-2022-23044 Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF. 8.8 0.42% 2022-11-25 2026-06-17
CVE-2022-23045 PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS. 4.8 0.62% 2022-01-19 2026-06-17
cvelogic Threat Intelligence