CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 141160 of 395 results
«« First « Prev Page 8 / 20 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2023-49677 Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2023-12-21 2026-06-17
CVE-2023-49666 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.75% 2024-01-04 2026-06-17
CVE-2023-49665 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49658 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49641 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.35% 2025-05-12 2026-06-17
CVE-2023-49639 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49633 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49625 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49624 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49622 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2024-01-04 2026-06-17
CVE-2023-49272 Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. 5.4 0.37% 2023-12-20 2026-06-17
CVE-2023-49271 Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. 5.4 0.38% 2023-12-20 2026-06-17
CVE-2023-49270 Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. 5.4 0.38% 2023-12-20 2026-06-17
CVE-2023-49269 Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. 5.4 0.37% 2023-12-20 2026-06-17
CVE-2023-4892 Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp. 5.7 0.39% 2023-09-25 2026-06-17
CVE-2023-48723 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. N/A 0.04% 2023-12-21 2024-01-02
CVE-2023-48722 Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2023-12-21 2026-06-17
CVE-2023-48721 Rejected reason: Not used N/A N/A 2024-01-02 2024-01-02
CVE-2023-48720 Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 9.8 0.67% 2023-12-21 2026-06-17
CVE-2023-48719 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. N/A 0.04% 2023-12-21 2024-01-02
«« First « Prev Page 8 / 20 Next »
cvelogic Threat Intelligence