NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2024-23440 | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer. | 7.1 | 0.21% | 2024-02-13 | 2026-06-17 |
| CVE-2024-23439 | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver. | 7.1 | 0.21% | 2024-02-13 | 2026-06-17 |
| CVE-2024-1140 | Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver. | 6.1 | 0.16% | 2024-02-13 | 2026-06-17 |
| CVE-2024-1096 | Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver. | 5.5 | 0.20% | 2024-02-13 | 2026-06-17 |
| CVE-2024-0849 | Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. | 5.0 | 0.23% | 2024-02-07 | 2026-06-17 |
| CVE-2023-6388 | Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. | 5.0 | 0.46% | 2024-02-07 | 2026-06-17 |
| CVE-2024-0788 | SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver. | 6.6 | 0.24% | 2024-01-29 | 2026-06-17 |
| CVE-2024-23441 | Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. | 5.5 | 0.24% | 2024-01-29 | 2026-06-17 |
| CVE-2024-0430 | IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. | 5.5 | 0.24% | 2024-01-22 | 2026-06-17 |
| CVE-2023-50867 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50866 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50865 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50864 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50863 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50862 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50760 | Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 | 1.21% | 2024-01-04 | 2026-06-17 |
| CVE-2023-3726 | OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. | 6.9 | 0.54% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50753 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50752 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50743 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |