CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 63 results
«« First « Prev Page 1 / 4 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-57871 Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3. 7.1 0.36% 2026-07-07 2026-07-07
CVE-2026-57870 Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3. 5.3 0.21% 2026-07-07 2026-07-07
CVE-2026-57869 Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3. 7.1 0.21% 2026-07-07 2026-07-07
CVE-2026-57868 MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3. 7.1 0.21% 2026-07-07 2026-07-07
CVE-2026-57867 MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords (OTP) to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3. 8.8 0.34% 2026-07-07 2026-07-07
CVE-2025-5591 Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. 7.7 0.14% 2026-01-04 2026-06-17
CVE-2024-12223 Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. 9.3 0.31% 2025-08-19 2026-06-17
CVE-2025-2394 Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. 4.7 0.18% 2025-05-22 2026-06-17
CVE-2024-28097 Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. 7.3 0.37% 2024-03-06 2026-06-17
CVE-2024-28096 Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. 7.3 0.37% 2024-03-06 2026-06-17
CVE-2024-28095 News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. 7.3 0.33% 2024-03-06 2026-06-17
CVE-2024-28094 Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records. 8.8 0.55% 2024-03-06 2026-06-17
CVE-2023-6451 Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms. 8.6 0.53% 2024-02-15 2026-06-17
CVE-2023-4393 HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. 5.4 0.33% 2023-10-29 2026-06-17
CVE-2023-27377 Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. 7.5 0.69% 2023-10-25 2026-06-17
CVE-2023-27376 Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. 7.5 0.69% 2023-10-25 2026-06-17
CVE-2023-27375 Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. 7.5 0.69% 2023-10-25 2026-06-17
CVE-2023-27262 Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.76% 2023-10-25 2026-06-17
CVE-2023-27261 Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. 5.3 0.53% 2023-10-25 2026-06-17
CVE-2023-27260 Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.55% 2023-10-25 2026-06-17
«« First « Prev Page 1 / 4 Next »
cvelogic Threat Intelligence