Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-1031 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter. | 8.8 | 1.42% | 2023-05-08 | 2026-06-17 |
| CVE-2023-1094 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter. | 8.8 | 1.17% | 2023-05-08 | 2026-06-17 |
| CVE-2023-1721 | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | 9.1 | 0.99% | 2023-06-23 | 2026-06-17 |
| CVE-2023-1722 | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | 9.1 | 0.36% | 2023-06-23 | 2026-06-17 |
| CVE-2023-1724 | Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS. | 7.3 | 0.47% | 2023-06-23 | 2026-06-17 |
| CVE-2023-1783 | OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF. | 6.5 | 0.58% | 2023-06-23 | 2026-06-17 |
| CVE-2023-2268 | Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users. | 7.1 | 0.57% | 2023-07-15 | 2026-06-17 |
| CVE-2023-2507 | CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. | 9.3 | 0.67% | 2023-07-15 | 2026-06-17 |
| CVE-2023-2508 | The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc. | 5.3 | 0.23% | 2023-09-20 | 2026-06-17 |
| CVE-2023-2533 KEV | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes. | 8.4 | 29.25% | 2023-06-20 | 2026-06-17 |
| CVE-2023-30787 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. | 5.4 | 0.64% | 2023-05-08 | 2026-06-17 |
| CVE-2023-30788 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter. | 5.4 | 0.64% | 2023-05-08 | 2026-06-17 |
| CVE-2023-30789 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. | 5.4 | 0.67% | 2023-05-08 | 2026-06-17 |
| CVE-2023-30790 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. | 5.4 | 0.64% | 2023-05-08 | 2026-06-17 |
| CVE-2023-30791 | Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. | 7.1 | 0.46% | 2023-07-15 | 2026-06-17 |
| CVE-2023-3550 | Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. | 7.3 | 1.15% | 2023-09-25 | 2026-06-17 |
| CVE-2023-3726 | OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. | 6.9 | 0.54% | 2024-01-04 | 2026-06-17 |
| CVE-2023-3891 | Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system | 7.3 | 0.27% | 2023-09-14 | 2026-06-17 |
| CVE-2023-43013 | Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | 9.8 | 0.71% | 2023-09-28 | 2026-06-17 |
| CVE-2023-43014 | Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. | 8.8 | 0.65% | 2023-09-28 | 2026-06-17 |