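Aggregates NVD, CVE and multi-source intelligence to analyze high-severity risks such as RCE in depth. The system integrates the CVSS and EPSS models and dynamically tracks exploit resources and PoC disclosure status to assess exploitability. Combined with official patches and remediation guidance, it helps prioritize vulnerability management, shorten response cycles and protect assets.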
Assigning organization (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-0849 | Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. | 5.0 | 0.23% | 2024-02-06 | 2026-06-17 |
| CVE-2023-6388 | Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. | 5.0 | 0.46% | 2024-02-06 | 2026-06-17 |
| CVE-2024-0788 | SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver. | 6.6 | 0.24% | 2024-01-29 | 2026-06-17 |
| CVE-2024-23441 | Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. | 5.5 | 0.24% | 2024-01-29 | 2026-06-17 |
| CVE-2024-0430 | IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. | 5.5 | 0.24% | 2024-01-22 | 2026-06-17 |
| CVE-2023-50867 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50866 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50865 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50864 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50863 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50862 | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50760 | Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 | 1.21% | 2024-01-04 | 2026-06-17 |
| CVE-2023-3726 | OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. | 6.9 | 0.54% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50753 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50752 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-50743 | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49666 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.75% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49665 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49658 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49639 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |