Skip to main content
CVE-2023-27113 CRITICAL POC Act Now

pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pearprojectapi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-27112 CRITICAL POC Act Now

pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pearprojectapi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-51818 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer.4.3. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.3% and no vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
19.3%
CVE-2023-37032 HIGH POC This Week

A Stack-based buffer overflow in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magma
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-37024 HIGH POC This Week

A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Magma
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-37029 HIGH POC This Week

Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Magma
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-22710 HIGH Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StoreApps Smart Manager allows Blind SQL Injection.52.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
19.1%
CVE-2023-37028 MEDIUM POC This Month

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Magma
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-37025 MEDIUM POC This Month

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Magma
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-37027 MEDIUM POC This Month

Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Magma
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-37038 MEDIUM POC This Month

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Magma
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-37037 MEDIUM POC This Month

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Magma
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-37036 MEDIUM POC This Month

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Magma
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-37034 MEDIUM POC This Month

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Magma
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-37033 MEDIUM POC This Month

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Magma
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-37031 MEDIUM POC This Month

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Magma
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-37030 MEDIUM POC This Month

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Magma
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-49688 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32555 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation.2.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-51888 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-49699 HIGH This Week

Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2024-49655 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection.0.3. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2025-22553 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Multiple Carousel allows SQL Injection.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2024-51919 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer.4.3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2025-22723 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Upload a Web Shell to a Web Server.6.7. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2023-50733 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-49666 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection.0.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-49333 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection.16.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-49303 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection.16.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-22716 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Taskbuilder Team Taskbuilder allows SQL Injection.0.6. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-23477 HIGH This Week

Missing Authorization vulnerability in Realty Workstation Realty Workstation allows Accessing Functionality Not Properly Constrained by ACLs.0.45. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-24451 HIGH This Week

A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-40132 HIGH This Week

In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22311 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Private Messages for UserPro.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI Information Disclosure PHP
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-24442 HIGH This Week

A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-24444 HIGH This Week

Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-22717 HIGH This Week

Missing Authorization vulnerability in Joe Dolson My Tickets allows Accessing Functionality Not Properly Constrained by ACLs.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-22318 HIGH This Week

Missing Authorization vulnerability in Eniture Technology Standard Box Sizes - for WooCommerce.6.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23551 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23580 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Garvin BizLibrary allows Reflected XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23994 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatebud Estatebud - Properties & Listings allows Stored XSS.5.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23489 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Messenlehner of WebDevStudios WP-Announcements allows Reflected XSS.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23461 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Dotta, Jacopo Campani, di xkoll.com Social2Blog allows Reflected XSS.2.990. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23454 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flashmaniac Nature FlipBook allows Reflected XSS.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-22711 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Maier Image Source Control allows Reflected XSS.29.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-23998 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rara Theme UltraLight allows Reflected XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22735 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TaxoPress WordPress Tag Cloud Plugin - Tag Groups allows Reflected XSS.0.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22733 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPHocus My auctions allegro allows Reflected XSS.6.18. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22719 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E4J s.r.l. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-22709 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS.8.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy