CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 81100 of 396 results
«« First « Prev Page 5 / 20 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2023-30787 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. 5.4 0.64% 2023-05-08 2026-06-17
CVE-2023-30788 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter. 5.4 0.64% 2023-05-08 2026-06-17
CVE-2023-30789 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. 5.4 0.67% 2023-05-08 2026-06-17
CVE-2023-30790 MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. 5.4 0.64% 2023-05-08 2026-06-17
CVE-2023-30791 Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. 7.1 0.46% 2023-07-15 2026-06-17
CVE-2023-3550 Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. 7.3 1.15% 2023-09-25 2026-06-17
CVE-2023-3726 OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. 6.9 0.54% 2024-01-04 2026-06-17
CVE-2023-3891 Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system 7.3 0.27% 2023-09-14 2026-06-17
CVE-2023-4122 Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 9.9 1.45% 2023-12-07 2026-06-17
CVE-2023-43013 Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. 9.8 0.71% 2023-09-28 2026-06-17
CVE-2023-43014 Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. 8.8 0.65% 2023-09-28 2026-06-17
CVE-2023-4316 Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails. 7.5 0.76% 2023-09-28 2026-06-17
CVE-2023-43702 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43703 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43704 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43705 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43706 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43707 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name] " parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43708 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
CVE-2023-43709 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-29 2026-06-17
«« First « Prev Page 5 / 20 Next »
cvelogic Threat Intelligence