聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2025-22622 | Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/class-wc-integration-agechecker-integration.php. | 4.3 | 0.27% | 2025-02-18 | 2026-06-17 |
| CVE-2024-6534 | Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover. | 4.3 | 0.33% | 2024-08-15 | 2026-06-17 |
| CVE-2023-0944 | Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain actions that can be performed by the user. | 4.3 | 0.48% | 2023-04-05 | 2026-06-17 |
| CVE-2022-41708 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly. | 4.3 | 0.50% | 2022-10-19 | 2026-06-17 |
| CVE-2022-25223 | Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. | 4.3 | 0.77% | 2022-03-23 | 2026-06-17 |
| CVE-2022-22702 | PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration. | 4.3 | 0.71% | 2022-01-10 | 2026-06-17 |
| CVE-2024-1443 | MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. | 4.4 | 0.23% | 2024-03-06 | 2026-06-17 |
| CVE-2026-50711 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component. | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50710 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component. | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50705 | A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer. | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50704 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer. | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50700 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function. | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50699 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_document using a whitelisted write path and trigger script execution when users open the affected Auto Repeat form. | 4.6 | 0.31% | 2026-06-24 | 2026-06-25 |
| CVE-2026-50698 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component. | 4.6 | 0.26% | 2026-06-24 | 2026-06-25 |
| CVE-2026-3837 | An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without escaping This issue affects Frappe: 16.10.0. | 4.6 | 0.19% | 2026-04-22 | 2026-06-17 |
| CVE-2026-3673 | An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects Frappe: 16.10.10. | 4.6 | 0.20% | 2026-04-22 | 2026-06-17 |
| CVE-2022-1955 | Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. | 4.6 | 0.35% | 2022-06-30 | 2026-06-17 |
| CVE-2022-1716 | Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. | 4.6 | 0.41% | 2022-06-02 | 2026-06-17 |
| CVE-2026-5362 | An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3. | 4.8 | 0.19% | 2026-04-27 | 2026-06-17 |
| CVE-2026-50712 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component | 4.8 | 0.24% | 2026-06-24 | 2026-06-25 |