CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 101120 of 395 results
«« First « Prev Page 6 / 20 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2024-0849 Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. 5.0 0.23% 2024-02-06 2026-06-17
CVE-2023-6388 Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. 5.0 0.46% 2024-02-06 2026-06-17
CVE-2024-0788 SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver. 6.6 0.24% 2024-01-29 2026-06-17
CVE-2024-23441 Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. 5.5 0.24% 2024-01-29 2026-06-17
CVE-2024-0430 IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. 5.5 0.24% 2024-01-22 2026-06-17
CVE-2023-50867 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50866 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50865 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50864 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50863 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50862 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50760 Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 8.8 1.21% 2024-01-04 2026-06-17
CVE-2023-3726 OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. 6.9 0.54% 2024-01-04 2026-06-17
CVE-2023-50753 Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50752 Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50743 Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49666 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.75% 2024-01-04 2026-06-17
CVE-2023-49665 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49658 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49639 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
«« First « Prev Page 6 / 20 Next »
cvelogic Threat Intelligence