CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 63 results
«« First « Prev Page 1 / 4 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2023-27262 Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.76% 2023-10-25 2026-06-17
CVE-2023-27260 Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.55% 2023-10-25 2026-06-17
CVE-2023-27255 Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.76% 2023-10-25 2026-06-17
CVE-2023-27254 Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.76% 2023-10-25 2026-06-17
CVE-2023-26584 Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.55% 2023-10-25 2026-06-17
CVE-2023-26583 Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.55% 2023-10-25 2026-06-17
CVE-2023-26582 Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.55% 2023-10-25 2026-06-17
CVE-2023-26581 Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.55% 2023-10-25 2026-06-17
CVE-2023-26572 Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.76% 2023-10-25 2026-06-17
CVE-2023-26569 Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.76% 2023-10-25 2026-06-17
CVE-2023-26568 Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.76% 2023-10-25 2026-06-17
CVE-2022-40296 The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. 9.8 0.62% 2022-10-31 2026-06-17
CVE-2022-40293 The application was vulnerable to a session fixation that could be used hijack accounts. 9.8 0.62% 2022-10-31 2026-06-17
CVE-2024-12223 Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. 9.3 0.31% 2025-08-19 2026-06-17
CVE-2022-40289 The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files. 9.0 0.60% 2022-10-31 2026-06-17
CVE-2022-40288 The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile. 9.0 0.62% 2022-10-31 2026-06-17
CVE-2022-40287 The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account. 9.0 0.62% 2022-10-31 2026-06-17
CVE-2026-57867 MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords (OTP) to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3. 8.8 0.34% 2026-07-07 2026-07-07
CVE-2024-28094 Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records. 8.8 0.55% 2024-03-06 2026-06-17
CVE-2023-26578 Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. 8.8 1.46% 2023-10-25 2026-06-17
«« First « Prev Page 1 / 4 Next »
cvelogic Threat Intelligence