Skip to main content
CVE-2023-49084 HIGH POC THREAT Act Now

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE LFI PHP SQLi Cacti
NVD GitHub
CVSS 3.1
8.8
EPSS
63.8%
CVE-2023-49681 CRITICAL POC Act Now

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Job Portal
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-49677 CRITICAL POC Act Now

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Job Portal
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-48722 CRITICAL POC Act Now

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Result Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-48720 CRITICAL POC Act Now

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Result Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-48718 CRITICAL POC Act Now

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Result Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-48716 CRITICAL POC Act Now

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Result Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-48689 CRITICAL POC Act Now

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Railway Reservation System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-48687 CRITICAL POC Act Now

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Railway Reservation System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-48685 CRITICAL POC Act Now

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Railway Reservation System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7039 CRITICAL POC THREAT Act Now

A vulnerability classified as critical has been found in Byzoro S210 up to 20231210. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Smart S210 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
14.2%
CVE-2023-7023 CRITICAL POC Act Now

A vulnerability was found in Tongda OA 2017 up to 11.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7022 CRITICAL POC Act Now

A vulnerability was found in Tongda OA 2017 up to 11.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7021 CRITICAL POC Act Now

A vulnerability was found in Tongda OA 2017 up to 11.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7020 CRITICAL POC Act Now

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29486 CRITICAL POC Act Now

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Microsoft Thor
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29485 CRITICAL POC Act Now

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Apple Authentication Bypass Thor
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-49032 CRITICAL POC Act Now

An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Self Service Password
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-50475 CRITICAL POC Act Now

An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bcoin
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-29487 CRITICAL POC Act Now

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Microsoft Thor
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-7024 HIGH POC KEV THREAT This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
7.4%
CVE-2023-44482 HIGH POC This Week

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Leave Management System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-44481 HIGH POC This Week

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Leave Management System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-7037 HIGH POC This Week

A vulnerability was found in automad up to 1.10.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Automad
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45121 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45120 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-45119 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45118 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45116 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45115 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-51442 HIGH POC PATCH This Week

Navidrome is an open source web-based music collection server and streamer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Navidrome
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2023-50831 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY - Multi Currency for WooCommerce allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Curcy
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50833 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS.0.239. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Colibri Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-7040 MEDIUM POC This Month

A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Stupid Simple Cms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-7038 MEDIUM POC PATCH This Month

A vulnerability was found in automad up to 1.10.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Automad
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-7026 MEDIUM POC This Month

A vulnerability was found in Lightxun IPTV Gateway up to 20231208. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Iptv Gateway
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-50732 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-49778 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Sayfa Sayac
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2023-50724 MEDIUM POC PATCH This Month

Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis XSS Resque
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-50832 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.7.13. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Multi Step Form
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-50828 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard - Custom WordPress Dashboard allows Stored XSS.7.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Dashboard
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-6145 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Advanced C2C Marketplace Software
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-51052 CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-51051 CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-51050 CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-51049 CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-51048 CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-32242 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.0.36. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Woodmart
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-51656 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache IoTDB.13.0 through 0.13.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Iotdb
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-50477 CRITICAL Act Now

An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nos Client
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy