Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-41705 | Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | 9.8 | 1.81% | 2022-11-25 | 2026-06-17 |
| CVE-2022-41706 | Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. | 8.2 | 0.61% | 2022-11-25 | 2026-06-17 |
| CVE-2022-41707 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public. | 6.5 | 0.79% | 2022-10-19 | 2026-06-17 |
| CVE-2022-41708 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly. | 4.3 | 0.50% | 2022-10-19 | 2026-06-17 |
| CVE-2022-41709 | Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled. | 7.8 | 0.43% | 2022-10-19 | 2026-06-17 |
| CVE-2022-41710 | Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them. | 5.5 | 0.36% | 2022-11-03 | 2026-06-17 |
| CVE-2022-41711 | Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | 9.8 | 1.55% | 2022-10-25 | 2026-06-17 |
| CVE-2022-41712 | Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. | 6.5 | 0.90% | 2022-11-25 | 2026-06-17 |
| CVE-2022-41713 | deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited. | 5.3 | 0.64% | 2022-11-03 | 2026-06-17 |
| CVE-2022-41714 | fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited. | 5.3 | 0.61% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42743 | deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited. | 5.3 | 0.61% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42744 | CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks. | 9.8 | 1.20% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42745 | CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE. | 7.5 | 0.80% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42746 | CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | 6.1 | 1.13% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42747 | CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | 6.1 | 1.07% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42748 | CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | 6.1 | 1.07% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42749 | CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | 6.1 | 1.07% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42750 | CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. | 8.8 | 0.95% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42751 | CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions. | 8.8 | 0.42% | 2022-11-03 | 2026-06-17 |
| CVE-2022-42753 | SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. | 6.1 | 0.36% | 2022-11-03 | 2026-06-17 |