CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 81100395 筆結果
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2023-1722 Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. 9.1 0.36% 2023-06-23 2026-06-17
CVE-2023-2268 Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users. 7.1 0.57% 2023-07-15 2026-06-17
CVE-2023-2507 CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. 9.3 0.67% 2023-07-15 2026-06-17
CVE-2023-30791 Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. 7.1 0.46% 2023-07-15 2026-06-17
CVE-2023-3891 Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system 7.3 0.27% 2023-09-14 2026-06-17
CVE-2023-2508 The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc. 5.3 0.23% 2023-09-20 2026-06-17
CVE-2023-3550 Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. 7.3 1.15% 2023-09-25 2026-06-17
CVE-2023-4892 Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp. 5.7 0.39% 2023-09-25 2026-06-17
CVE-2023-43013 Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. 9.8 0.71% 2023-09-28 2026-06-17
CVE-2023-43740 Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 8.8 1.21% 2023-09-28 2026-06-17
CVE-2023-44173 Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. 5.4 0.34% 2023-09-28 2026-06-17
CVE-2023-4316 Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails. 7.5 0.76% 2023-09-28 2026-06-17
CVE-2023-5004 Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. 9.8 0.90% 2023-09-28 2026-06-17
CVE-2023-5053 Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. 9.8 0.90% 2023-09-28 2026-06-17
CVE-2023-5185 Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 9.1 1.20% 2023-09-28 2026-06-17
CVE-2023-43014 Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. 8.8 0.65% 2023-09-28 2026-06-17
CVE-2023-43739 The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.80% 2023-09-28 2026-06-17
CVE-2023-44163 The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.80% 2023-09-28 2026-06-17
CVE-2023-44164 The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.80% 2023-09-28 2026-06-17
CVE-2023-44165 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 0.04% 2023-09-28 2024-01-02
cvelogic Threat Intelligence