Skip to main content
CVE-2023-51066 HIGH POC This Week

An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Archive Storage Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
9.0%
CVE-2023-33472 HIGH POC This Week

An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Scada Lts
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2023-51063 HIGH POC This Week

QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Archive Storage Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-51065 HIGH POC This Week

Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Archive Storage Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-51070 HIGH POC This Week

An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Archive Storage Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-51804 HIGH POC This Week

An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Forest
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-51071 MEDIUM POC This Month

An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Archive Storage Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51805 MEDIUM POC This Month

SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Tduck Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50072 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openkm
NVD GitHub
CVSS 3.1
5.4
EPSS
3.7%
CVE-2023-51067 MEDIUM POC This Month

An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Archive Storage Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-51064 MEDIUM POC This Month

QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Archive Storage Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-51068 MEDIUM POC This Month

An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Archive Storage Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-51062 MEDIUM POC This Month

An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Archive Storage Manager
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-46943 CRITICAL PATCH Act Now

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Node.js Evershop
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2023-52288 HIGH This Week

An issue was discovered in the flaskcode package through 0.0.8 for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Flaskcode
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-52289 HIGH This Week

An issue was discovered in the flaskcode package through 0.0.8 for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Flaskcode
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46942 HIGH PATCH This Week

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Node.js Evershop
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-22142 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.10.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22137 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.0.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-0251 MEDIUM This Month

The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-0510 HIGH This Month

A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Yiqiniu
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-0505 MEDIUM POC This Month

A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical.java of the component Upload Material Menu. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Austin
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0504 LOW POC Monitor

A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Online Hotel Reservation System
NVD VulDB
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-0503 LOW POC Monitor

A vulnerability was found in code-projects Online FIR System 1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Fir System
NVD VulDB
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-0502 MEDIUM POC Monitor

A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi House Rental Management System
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-0501 LOW POC Monitor

A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS House Rental Management System
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-0500 LOW POC Monitor

A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS House Rental Management System
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-0499 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0.php. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP House Rental Management System
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-0498 MEDIUM This Month

A vulnerability was found in Project Worlds Lawyer Management System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Lawyer Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0497 MEDIUM This Month

A vulnerability was found in Campcodes Student Information System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0496 MEDIUM This Month

A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical.php of the component HTTP POST Request Handler. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Billing Software
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0495 MEDIUM This Month

A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Billing Software
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0494 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Billing Software
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0493 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Billing Software
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0492 MEDIUM This Month

A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Billing Software
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0491 MEDIUM This Month

A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Huaxia Erp
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-0490 MEDIUM This Month

A vulnerability was found in Huaxia ERP up to 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huaxia Erp
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-0489 MEDIUM This Month

A vulnerability was found in code-projects Fighting Cock Information System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0488 MEDIUM This Month

A vulnerability was found in code-projects Fighting Cock Information System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0487 MEDIUM This Month

A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0486 MEDIUM This Month

A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0485 MEDIUM This Month

A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0484 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0483 MEDIUM This Month

A vulnerability classified as critical was found in Taokeyun up to 1.0.5. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0482 MEDIUM This Month

A vulnerability classified as critical has been found in Taokeyun up to 1.0.5. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0481 MEDIUM This Month

A vulnerability was found in Taokeyun up to 1.0.5. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-22209 MEDIUM POC PATCH This Month

Open edX Platform is a service-oriented platform for authoring and delivering online learning. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Edx Platform
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-21640 MEDIUM POC PATCH This Month

Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Google Information Disclosure Chromium Embedded Framework Chrome
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-0480 HIGH This Month

A vulnerability was found in Taokeyun up to 1.0.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-0479 HIGH This Month

A vulnerability was found in Taokeyun up to 1.0.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy