Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-27262 | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.76% | 2023-10-25 | 2026-06-17 |
| CVE-2023-27260 | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.55% | 2023-10-25 | 2026-06-17 |
| CVE-2023-27255 | Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.76% | 2023-10-25 | 2026-06-17 |
| CVE-2023-27254 | Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.76% | 2023-10-25 | 2026-06-17 |
| CVE-2023-26584 | Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.55% | 2023-10-25 | 2026-06-17 |
| CVE-2023-26583 | Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.55% | 2023-10-25 | 2026-06-17 |
| CVE-2023-26582 | Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.55% | 2023-10-25 | 2026-06-17 |
| CVE-2023-26581 | Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.55% | 2023-10-25 | 2026-06-17 |
| CVE-2023-26572 | Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.76% | 2023-10-25 | 2026-06-17 |
| CVE-2023-26569 | Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.76% | 2023-10-25 | 2026-06-17 |
| CVE-2023-26568 | Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | 0.76% | 2023-10-25 | 2026-06-17 |
| CVE-2022-40296 | The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. | 9.8 | 0.62% | 2022-10-31 | 2026-06-17 |
| CVE-2022-40293 | The application was vulnerable to a session fixation that could be used hijack accounts. | 9.8 | 0.62% | 2022-10-31 | 2026-06-17 |
| CVE-2024-12223 | Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. | 9.3 | 0.31% | 2025-08-19 | 2026-06-17 |
| CVE-2022-40289 | The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files. | 9.0 | 0.60% | 2022-10-31 | 2026-06-17 |
| CVE-2022-40288 | The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile. | 9.0 | 0.62% | 2022-10-31 | 2026-06-17 |
| CVE-2022-40287 | The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account. | 9.0 | 0.62% | 2022-10-31 | 2026-06-17 |
| CVE-2026-57867 | MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords (OTP) to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3. | 8.8 | 0.34% | 2026-07-07 | 2026-07-07 |
| CVE-2024-28094 | Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records. | 8.8 | 0.55% | 2024-03-06 | 2026-06-17 |
| CVE-2023-26578 | Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. | 8.8 | 1.46% | 2023-10-25 | 2026-06-17 |