Skip to main content
CVE-2023-51319 HIGH POC This Week

PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Bus Reservation System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-51311 HIGH POC This Week

PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Car Park Booking System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-51313 HIGH POC This Week

PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Restaurant Booking System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-27088 HIGH POC PATCH This Week

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS S3 Proxy Suse
NVD GitHub
CVSS 4.0
8.4
EPSS
0.2%
CVE-2025-26304 HIGH POC This Week

A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libming
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-26305 HIGH POC This Week

A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-51316 HIGH POC This Week

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bus Reservation System
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-51314 HIGH POC This Week

A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Restaurant Booking System
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-13888 HIGH POC PATCH This Week

The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect WordPress Wpmobile App
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-1039 HIGH POC PATCH This Week

The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Lenix Leads Collector PHP
NVD WPScan
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-51336 HIGH This Week

PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Meeting Room Booking System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-51333 HIGH This Week

PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Cinema Booking System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-12284 HIGH This Week

Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. Rated high severity (CVSS 8.8). No vendor patch available.

Privilege Escalation Citrix Netscaler Agent Netscaler Console
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2025-0352 HIGH This Week

Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-27091 HIGH This Week

OpenH264 is a free license codec library which supports H.264 encoding and decoding. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Cisco Openh264 Suse
NVD GitHub
CVSS 4.0
8.6
EPSS
0.6%
CVE-2025-1293 HIGH PATCH This Week

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hermes Suse
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-13753 HIGH PATCH This Week

The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-25679 HIGH This Week

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Tenda Buffer Overflow Stack Overflow I12 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-1492 HIGH PATCH This Week

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-0161 HIGH This Week

IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE IBM Code Injection Security Verify Access
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-46933 HIGH This Week

An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2024-13792 HIGH This Week

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection Woocommerce Food
NVD
CVSS 3.1
7.3
EPSS
2.0%
CVE-2024-13476 HIGH PATCH This Week

The LTL Freight Quotes - GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Ltl Freight Quotes
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-22973 HIGH This Week

An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qibocms X1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-57716 HIGH This Week

An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-26856 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
0.7%
CVE-2024-49781 HIGH This Week

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Openpages With Watson
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-26618 HIGH PATCH This Week

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 4.0
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy