CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 12063 条结果
«« 第一页 « 上一页 第 1 / 4 页 下一页 »
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-57871 Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3. 7.1 0.36% 2026-07-07 2026-07-07
CVE-2026-57870 Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3. 5.3 0.21% 2026-07-07 2026-07-07
CVE-2026-57869 Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3. 7.1 0.21% 2026-07-07 2026-07-07
CVE-2026-57868 MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3. 7.1 0.21% 2026-07-07 2026-07-07
CVE-2026-57867 MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords (OTP) to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3. 8.8 0.34% 2026-07-07 2026-07-07
CVE-2025-5591 Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. 7.7 0.14% 2026-01-04 2026-06-17
CVE-2024-12223 Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. 9.3 0.31% 2025-08-19 2026-06-17
CVE-2025-2394 Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. 4.7 0.18% 2025-05-22 2026-06-17
CVE-2024-28097 Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. 7.3 0.37% 2024-03-06 2026-06-17
CVE-2024-28096 Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. 7.3 0.37% 2024-03-06 2026-06-17
CVE-2024-28095 News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. 7.3 0.33% 2024-03-06 2026-06-17
CVE-2024-28094 Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records. 8.8 0.55% 2024-03-06 2026-06-17
CVE-2023-6451 Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms. 8.6 0.53% 2024-02-15 2026-06-17
CVE-2023-4393 HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. 5.4 0.33% 2023-10-29 2026-06-17
CVE-2023-27377 Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. 7.5 0.69% 2023-10-25 2026-06-17
CVE-2023-27376 Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. 7.5 0.69% 2023-10-25 2026-06-17
CVE-2023-27375 Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. 7.5 0.69% 2023-10-25 2026-06-17
CVE-2023-27262 Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.76% 2023-10-25 2026-06-17
CVE-2023-27261 Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. 5.3 0.53% 2023-10-25 2026-06-17
CVE-2023-27260 Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. 9.8 0.55% 2023-10-25 2026-06-17
«« 第一页 « 上一页 第 1 / 4 页 下一页 »
cvelogic Threat Intelligence