Skip to main content
CVE-2023-50839 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin.8.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.3%.

SQLi Js Help Desk
NVD
CVSS 3.1
9.3
EPSS
16.3%
CVE-2023-50445 HIGH POC Act Now

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Gl Mt1300 Firmware Gl Mt300N V2 Firmware Gl Ar750S Firmware +9
NVD GitHub
CVSS 3.1
7.8
EPSS
9.1%
CVE-2023-7140 CRITICAL POC Act Now

A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Client Details System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7139 CRITICAL POC Act Now

A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Client Details System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7134 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Medicine Tracking System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Medicine Tracker System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-7131 CRITICAL POC Act Now

A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Intern Membership Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7163 CRITICAL POC Act Now

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service D-Link D View 8
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-7127 CRITICAL POC Act Now

A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Automated Voting System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7123 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0.php? f=save_medicine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Medicine Tracker System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46987 HIGH POC This Week

SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Seacms
NVD VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-7138 HIGH POC This Week

A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Client Details System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-7137 HIGH POC THREAT This Week

A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Client Details System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
17.0%
CVE-2023-7129 HIGH POC This Week

A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Voting System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-7128 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Voting System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-7126 HIGH POC This Week

A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Automated Voting System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-50038 HIGH POC This Week

There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Textpattern
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-50692 HIGH POC This Week

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Jizhicms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-49230 HIGH POC This Week

An issue was discovered in Peplink Balance Two before 8.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Balance Two Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-52152 HIGH POC This Week

mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Mupnp For C
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-51006 HIGH POC This Week

An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Chinese Perpetual Calendar
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34829 MEDIUM POC This Month

Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tapo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49228 MEDIUM POC This Month

An issue was discovered in Peplink Balance Two before 8.4.0. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Balance Two Firmware
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2023-7133 MEDIUM POC This Month

A vulnerability was found in y_project RuoYi 4.7.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruoyi
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-49469 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to execute arbitrary code via search tag function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Shaarli
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-7124 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Commerce Site
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-4671 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ecop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-52082 CRITICAL PATCH Act Now

Lychee is a free photo-management tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Lychee
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-50470 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Seacms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7136 MEDIUM POC This Month

A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7135 MEDIUM POC This Month

A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7132 MEDIUM POC This Month

A vulnerability was found in code-projects Intern Membership Management System 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Intern Membership Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-52081 MEDIUM POC PATCH This Month

ffcss is a CLI interface to apply and configure Firefox CSS themes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Mozilla Information Disclosure Firefox Css
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-51010 MEDIUM POC This Month

An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qingdao Metro
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-50842 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar.2.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mf Gig Calendar
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-50841 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress - Appointment Booking Calendar Plugin and Online Scheduling. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bookingpress
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-50840 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.1.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Booking Manager
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-49229 MEDIUM POC This Month

An issue was discovered in Peplink Balance Two before 8.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Balance Two Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-32795 HIGH This Week

Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.1.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Product Addons
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-46989 HIGH PATCH This Week

SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE PHP SQLi Quick Order
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-50838 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms - Ultimate Form Builder - Contact forms and much more.5.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nex Forms
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50847 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Welcart E Commerce
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50846 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic - Custom Registration Forms, User Registration, Payment, and. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Registrationmagic
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50845 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory - WordPress Business Directory. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Geodirectory
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50844 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging - WP Mail Catcher.1.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Mail Catcher
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50843 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications.0.4. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Clockwork Sms Notfications
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50855 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sam Perrow Pre* Party Resource Hints.8.18. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pre Party Resource Hints
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50854 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack squirrly-seo-pack allows SQL Injection.4.02. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50853 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration - Connect WooCommerce and Contact Form 7 to Google Sheets. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google SQLi Advanced Form Integration
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50852 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.4.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bookit
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50851 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin.6.6.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Simply Schedule Appointments
NVD
CVSS 3.1
7.6
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy