CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 101120 of 395 results
«« First « Prev Page 6 / 20 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2024-0788 SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver. 6.6 0.24% 2024-01-29 2026-06-17
CVE-2024-0430 IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. 5.5 0.24% 2024-01-22 2026-06-17
CVE-2024-0403 Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF. 6.5 0.43% 2024-02-29 2026-06-17
CVE-2023-6388 Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. 5.0 0.46% 2024-02-06 2026-06-17
CVE-2023-6199 Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF. 6.5 1.38% 2023-11-20 2026-06-17
CVE-2023-6144 Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username. 9.1 0.45% 2023-11-20 2026-06-17
CVE-2023-6142 Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim. 5.4 0.43% 2023-11-20 2026-06-17
CVE-2023-5306 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. N/A 0.05% 2023-10-31 2024-01-02
CVE-2023-5185 Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 9.1 1.20% 2023-09-28 2026-06-17
CVE-2023-5112 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-5111 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. 5.4 0.43% 2023-09-30 2026-06-17
CVE-2023-50867 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50866 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50865 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50864 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50863 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50862 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50760 Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 8.8 1.21% 2024-01-04 2026-06-17
CVE-2023-50753 Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50752 Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
«« First « Prev Page 6 / 20 Next »
cvelogic Threat Intelligence