Skip to main content
CVE-2023-42299 CRITICAL POC Act Now

Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Openimageio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-45347 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering Script
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45346 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering Script
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45345 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering Script
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45338 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering Script
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45344 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45343 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45342 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45341 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45340 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45336 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45334 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45325 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45323 CRITICAL POC Act Now

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5918 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Visitor Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45019 CRITICAL POC Act Now

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Bus Booking System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45018 CRITICAL POC Act Now

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Bus Booking System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45015 CRITICAL POC Act Now

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Bus Booking System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45012 CRITICAL POC Act Now

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Bus Booking System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45111 CRITICAL POC Act Now

Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43336 HIGH POC This Week

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freepbx
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-39057 HIGH POC This Week

An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39054 HIGH POC This Week

An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39053 HIGH POC This Week

An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39051 HIGH POC This Week

An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39050 HIGH POC This Week

An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39048 HIGH POC This Week

An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39047 HIGH POC PATCH This Week

An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39042 HIGH POC This Week

An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5929 HIGH POC This Week

A vulnerability was found in Campcodes Simple Student Information System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5928 HIGH POC This Week

A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5927 HIGH POC This Week

A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5926 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5925 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5924 HIGH POC This Week

A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5923 HIGH POC This Week

A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-5919 HIGH POC This Week

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Company Website Cms
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-5930 MEDIUM POC This Month

A vulnerability was found in Campcodes Simple Student Information System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-43193 MEDIUM POC PATCH This Month

Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Submitty
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46958 CRITICAL Act Now

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Lmxcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-31579 CRITICAL PATCH Act Now

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Lamp Cloud
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5846 CRITICAL Act Now

Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ts 550 Evo Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-42802 CRITICAL Act Now

GLPI is a free asset and IT management software package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-47204 CRITICAL PATCH Act Now

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Python Deserialization Transmute Core
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46475 MEDIUM POC This Month

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zentao
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43194 MEDIUM POC PATCH This Month

Submitty before v22.06.00 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Submitty
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-46925 MEDIUM POC This Month

Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Reportico
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-26454 HIGH This Week

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-26453 HIGH This Week

Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-26452 HIGH This Week

Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
8.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy