Skip to main content
CVE-2023-0784 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Best Online News Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-0793 HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Phpmyfaq
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0790 HIGH POC PATCH This Week

Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-45088 CRITICAL Act Now

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Smartpower Web
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-4557 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Smartpower
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-0789 CRITICAL PATCH Act Now

Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-0788 CRITICAL PATCH Act Now

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Code Injection Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-0792 MEDIUM POC PATCH This Month

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0787 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-45090 HIGH This Week

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.01.01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Smartpower Web
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-45089 HIGH This Week

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.01.01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Smartpower Web
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-0786 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-20076 HIGH This Week

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ic3000 Industrial Compute Gateway Iox Ios Xe +6
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-0785 LOW POC Monitor

A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure PHP Best Online News Portal
NVD VulDB
CVSS 3.1
3.7
EPSS
0.9%
CVE-2022-45085 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.01.01. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Smartpower Web
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-0661 MEDIUM This Month

Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-45087 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).01.01. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smartpower Web
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-45091 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).01.01. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Smartpower Web
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-45086 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).01.01. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Smartpower Web
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0794 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0791 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy