A listing that bundles NVD, CVE and several other threat feeds so that high-risk issues such as RCE can be tracked in depth. It combines CVSS with EPSS and tracks how easily each issue can be exploited from the presence of exploit references and PoCs. Together with the context of vendor fixes and mitigations, it supports prioritisation, helping keep response cycles short while protecting critical assets.
Assigner (CNA/issuer): [email protected]
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-41705 | Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | 9.8 | 1.81% | 2022-11-25 | 2026-06-17 |
| CVE-2022-41706 | Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. | 8.2 | 0.61% | 2022-11-25 | 2026-06-17 |
| CVE-2022-41707 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public. | 6.5 | 0.79% | 2022-10-19 | 2026-06-17 |
| CVE-2022-41708 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly. | 4.3 | 0.50% | 2022-10-19 | 2026-06-17 |
| CVE-2022-41709 | Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled. | 7.8 | 0.43% | 2022-10-19 | 2026-06-17 |
| CVE-2022-41710 | Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them. | 5.5 | 0.36% | 2022-11-03 | 2026-06-17 |
| CVE-2022-41711 | Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | 9.8 | 1.55% | 2022-10-25 | 2026-06-17 |
| CVE-2022-41712 | Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. | 6.5 | 0.90% | 2022-11-25 | 2026-06-17 |
| CVE-2022-41713 | deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited. | 5.3 | 0.64% | 2022-11-03 | 2026-06-17 |
| CVE-2022-41714 | fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited. | 5.3 | 0.61% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42743 | deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited. | 5.3 | 0.61% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42744 | CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks. | 9.8 | 1.20% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42745 | CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE. | 7.5 | 0.80% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42746 | CandidATS version 3.0.0, on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks. | 6.1 | 1.13% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42747 | CandidATS version 3.0.0, on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks. | 6.1 | 1.07% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42748 | CandidATS version 3.0.0, on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks. | 6.1 | 1.07% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42749 | CandidATS version 3.0.0, on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks. | 6.1 | 1.07% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42750 | CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. | 8.8 | 0.95% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42751 | CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF, which allows an attacker to persuade an administrator to create a new account with administrative permissions. | 8.8 | 0.42% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42753 | SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. | 6.1 | 0.36% | 2022-11-03 | 2026-06-17 |