CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 120395 条结果
«« 第一页 « 上一页 第 1 / 20 页 下一页 »
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2025-22622 Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/class-wc-integration-agechecker-integration.php. 4.3 0.27% 2025-02-18 2026-06-17
CVE-2024-6534 Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover. 4.3 0.33% 2024-08-15 2026-06-17
CVE-2023-0944 Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain actions that can be performed by the user. 4.3 0.48% 2023-04-05 2026-06-17
CVE-2022-41708 Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly. 4.3 0.50% 2022-10-19 2026-06-17
CVE-2022-25223 Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. 4.3 0.77% 2022-03-23 2026-06-17
CVE-2022-22702 PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration. 4.3 0.71% 2022-01-10 2026-06-17
CVE-2024-1443 MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. 4.4 0.23% 2024-03-06 2026-06-17
CVE-2026-50711 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component. 4.6 0.26% 2026-06-24 2026-06-25
CVE-2026-50710 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component. 4.6 0.26% 2026-06-24 2026-06-25
CVE-2026-50705 A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer. 4.6 0.26% 2026-06-24 2026-06-25
CVE-2026-50704 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer. 4.6 0.26% 2026-06-24 2026-06-25
CVE-2026-50700 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function. 4.6 0.26% 2026-06-24 2026-06-25
CVE-2026-50699 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_document using a whitelisted write path and trigger script execution when users open the affected Auto Repeat form. 4.6 0.31% 2026-06-24 2026-06-25
CVE-2026-50698 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component. 4.6 0.26% 2026-06-24 2026-06-25
CVE-2026-3837 An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without escaping This issue affects Frappe: 16.10.0. 4.6 0.19% 2026-04-22 2026-06-17
CVE-2026-3673 An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects Frappe: 16.10.10. 4.6 0.20% 2026-04-22 2026-06-17
CVE-2022-1955 Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. 4.6 0.35% 2022-06-30 2026-06-17
CVE-2022-1716 Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. 4.6 0.41% 2022-06-02 2026-06-17
CVE-2026-5362 An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3. 4.8 0.19% 2026-04-27 2026-06-17
CVE-2026-50712 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component 4.8 0.24% 2026-06-24 2026-06-25
«« 第一页 « 上一页 第 1 / 20 页 下一页 »
cvelogic Threat Intelligence