聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2024-1651 | Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization. | 10.0 | 80.59% | 2024-02-20 | 2025-02-12 |
| CVE-2022-25226 | ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server. | 10.0 | 81.89% | 2022-04-18 | 2024-11-21 |
| CVE-2024-1644 | Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI. | 9.9 | 0.24% | 2024-02-20 | 2024-12-31 |
| CVE-2023-4122 | Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 9.9 | 1.45% | 2023-12-07 | 2024-11-21 |
| CVE-2023-50867 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50866 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50865 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50864 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50863 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50862 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50753 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50752 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.08% | 2024-01-04 | 2024-11-21 |
| CVE-2023-50743 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.07% | 2024-01-04 | 2024-11-21 |
| CVE-2023-5053 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | 0.05% | 2023-09-28 | 2024-11-21 |
| CVE-2023-5008 | Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | 9.8 | 0.03% | 2023-12-08 | 2024-11-21 |
| CVE-2023-5004 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | 0.05% | 2023-09-28 | 2024-11-21 |
| CVE-2023-49689 | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.15% | 2023-12-22 | 2024-11-21 |
| CVE-2023-49688 | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.15% | 2023-12-22 | 2024-11-21 |
| CVE-2023-49681 | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.15% | 2023-12-21 | 2024-11-21 |
| CVE-2023-49677 | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.14% | 2023-12-21 | 2024-11-21 |