聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2022-25226 | ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server. | 10.0 | 81.89% | 2022-04-18 | 2024-11-21 |
| CVE-2024-1651 | Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization. | 10.0 | 80.59% | 2024-02-20 | 2025-02-12 |
| CVE-2022-23046 | PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php | 7.2 | 48.98% | 2022-01-19 | 2024-11-21 |
| CVE-2023-2533 KEV | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes. | 8.4 | 36.32% | 2023-06-20 | 2026-02-26 |
| CVE-2022-23050 | ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | 7.2 | 27.37% | 2022-05-24 | 2024-11-21 |
| CVE-2023-6199 | Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF. | 6.5 | 13.38% | 2023-11-20 | 2025-05-19 |
| CVE-2022-41711 | Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | 9.8 | 10.00% | 2022-10-25 | 2025-05-07 |
| CVE-2022-41705 | Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | 9.8 | 5.95% | 2022-11-25 | 2025-04-29 |
| CVE-2022-23048 | Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands. | 7.2 | 4.58% | 2022-02-09 | 2024-11-21 |
| CVE-2022-25225 | Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. | 7.2 | 4.43% | 2022-03-10 | 2024-11-21 |
| CVE-2022-42746 | CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | 6.1 | 2.97% | 2022-11-03 | 2025-05-05 |
| CVE-2022-25222 | Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter. | 9.8 | 2.73% | 2022-03-23 | 2024-11-21 |
| CVE-2022-42749 | CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | 6.1 | 2.71% | 2022-11-03 | 2025-05-05 |
| CVE-2022-42748 | CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | 6.1 | 2.71% | 2022-11-03 | 2025-05-05 |
| CVE-2022-42747 | CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | 6.1 | 2.71% | 2022-11-03 | 2025-05-05 |
| CVE-2025-7404 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1. | 5.9 | 2.33% | 2025-07-24 | 2026-01-16 |
| CVE-2022-0698 | Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. | 6.1 | 2.11% | 2022-11-25 | 2025-04-25 |
| CVE-2023-43740 | Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 | 2.10% | 2023-09-28 | 2024-11-21 |
| CVE-2023-0670 | Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image. | 7.2 | 1.79% | 2023-04-05 | 2025-02-13 |
| CVE-2023-0265 | Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers. | 8.8 | 1.54% | 2023-04-04 | 2025-02-13 |