Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57871 | Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3. | 7.1 | 0.36% | 2026-07-07 | 2026-07-07 |
| CVE-2026-57870 | Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3. | 5.3 | 0.21% | 2026-07-07 | 2026-07-07 |
| CVE-2026-57869 | Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3. | 7.1 | 0.21% | 2026-07-07 | 2026-07-07 |
| CVE-2026-57868 | MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3. | 7.1 | 0.21% | 2026-07-07 | 2026-07-07 |
| CVE-2026-57867 | MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords (OTP) to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3. | 8.8 | 0.34% | 2026-07-07 | 2026-07-07 |
| CVE-2025-5591 | Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. | 7.7 | 0.14% | 2026-01-04 | 2026-06-17 |
| CVE-2024-12223 | Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. | 9.3 | 0.31% | 2025-08-19 | 2026-06-17 |
| CVE-2025-2394 | Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. | 4.7 | 0.18% | 2025-05-22 | 2026-06-17 |
| CVE-2024-28097 | Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 7.3 | 0.37% | 2024-03-06 | 2026-06-17 |
| CVE-2024-28096 | Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 7.3 | 0.37% | 2024-03-06 | 2026-06-17 |
| CVE-2024-28095 | News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 7.3 | 0.33% | 2024-03-06 | 2026-06-17 |
| CVE-2024-28094 | Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records. | 8.8 | 0.55% | 2024-03-06 | 2026-06-17 |
| CVE-2023-6451 | Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms. | 8.6 | 0.53% | 2024-02-15 | 2026-06-17 |
| CVE-2023-4393 | HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. | 5.4 | 0.33% | 2023-10-29 | 2026-06-17 |
| CVE-2023-27377 | Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 | 0.69% | 2023-10-25 | 2026-06-17 |
| CVE-2023-27376 | Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 | 0.69% | 2023-10-25 | 2026-06-17 |
| CVE-2023-27375 | Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 7.5 | 0.69% | 2023-10-25 | 2026-06-17 |
| CVE-2023-27262 | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.76% | 2023-10-25 | 2026-06-17 |
| CVE-2023-27261 | Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | 5.3 | 0.53% | 2023-10-25 | 2026-06-17 |
| CVE-2023-27260 | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.55% | 2023-10-25 | 2026-06-17 |