Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-49677 | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2023-12-21 | 2026-06-17 |
| CVE-2023-49666 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.75% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49665 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49658 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49641 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.35% | 2025-05-12 | 2026-06-17 |
| CVE-2023-49639 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49633 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49625 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49624 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49622 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2024-01-04 | 2026-06-17 |
| CVE-2023-49272 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | 5.4 | 0.37% | 2023-12-20 | 2026-06-17 |
| CVE-2023-49271 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | 5.4 | 0.38% | 2023-12-20 | 2026-06-17 |
| CVE-2023-49270 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | 5.4 | 0.38% | 2023-12-20 | 2026-06-17 |
| CVE-2023-49269 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | 5.4 | 0.37% | 2023-12-20 | 2026-06-17 |
| CVE-2023-4892 | Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp. | 5.7 | 0.39% | 2023-09-25 | 2026-06-17 |
| CVE-2023-48723 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.04% | 2023-12-21 | 2024-01-02 |
| CVE-2023-48722 | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2023-12-21 | 2026-06-17 |
| CVE-2023-48721 | Rejected reason: Not used | N/A | N/A | 2024-01-02 | 2024-01-02 |
| CVE-2023-48720 | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.67% | 2023-12-21 | 2026-06-17 |
| CVE-2023-48719 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.04% | 2023-12-21 | 2024-01-02 |