CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 101120395 筆結果
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2024-0849 Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. 5.0 0.23% 2024-02-06 2026-06-17
CVE-2023-6388 Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. 5.0 0.46% 2024-02-06 2026-06-17
CVE-2024-0788 SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver. 6.6 0.24% 2024-01-29 2026-06-17
CVE-2024-23441 Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. 5.5 0.24% 2024-01-29 2026-06-17
CVE-2024-0430 IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. 5.5 0.24% 2024-01-22 2026-06-17
CVE-2023-50867 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50866 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50865 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50864 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50863 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50862 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50760 Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 8.8 1.21% 2024-01-04 2026-06-17
CVE-2023-3726 OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. 6.9 0.54% 2024-01-04 2026-06-17
CVE-2023-50753 Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50752 Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-50743 Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49666 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.75% 2024-01-04 2026-06-17
CVE-2023-49665 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49658 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49639 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
cvelogic Threat Intelligence