Every CVE whose affected-product data names Nbnbk Project Nbnbk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-46493 — CVSS 9.8 (critical): Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img.
CVE-2022-31386 — CVSS 9.1 (critical): A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make…
CVE-2022-46491 — CVSS 6.5 (medium): A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to…
CVE-2022-46492 — CVSS 6.5 (medium): nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component…