聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2023-1722 | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | 9.1 | 0.36% | 2023-06-23 | 2026-06-17 |
| CVE-2023-2268 | Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users. | 7.1 | 0.57% | 2023-07-15 | 2026-06-17 |
| CVE-2023-2507 | CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. | 9.3 | 0.67% | 2023-07-15 | 2026-06-17 |
| CVE-2023-30791 | Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. | 7.1 | 0.46% | 2023-07-15 | 2026-06-17 |
| CVE-2023-3891 | Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system | 7.3 | 0.27% | 2023-09-14 | 2026-06-17 |
| CVE-2023-2508 | The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc. | 5.3 | 0.23% | 2023-09-20 | 2026-06-17 |
| CVE-2023-3550 | Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. | 7.3 | 1.15% | 2023-09-25 | 2026-06-17 |
| CVE-2023-4892 | Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp. | 5.7 | 0.39% | 2023-09-25 | 2026-06-17 |
| CVE-2023-43013 | Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | 9.8 | 0.71% | 2023-09-28 | 2026-06-17 |
| CVE-2023-43740 | Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 | 1.21% | 2023-09-28 | 2026-06-17 |
| CVE-2023-44173 | Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. | 5.4 | 0.34% | 2023-09-28 | 2026-06-17 |
| CVE-2023-4316 | Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails. | 7.5 | 0.76% | 2023-09-28 | 2026-06-17 |
| CVE-2023-5004 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | 0.90% | 2023-09-28 | 2026-06-17 |
| CVE-2023-5053 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | 0.90% | 2023-09-28 | 2026-06-17 |
| CVE-2023-5185 | Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 9.1 | 1.20% | 2023-09-28 | 2026-06-17 |
| CVE-2023-43014 | Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. | 8.8 | 0.65% | 2023-09-28 | 2026-06-17 |
| CVE-2023-43739 | The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.80% | 2023-09-28 | 2026-06-17 |
| CVE-2023-44163 | The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.80% | 2023-09-28 | 2026-06-17 |
| CVE-2023-44164 | The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.80% | 2023-09-28 | 2026-06-17 |
| CVE-2023-44165 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 無 | 0.04% | 2023-09-28 | 2024-01-02 |