Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-41712 | Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. | 6.5 | 0.90% | 2022-11-25 | 2026-06-17 |
| CVE-2023-5008 | Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control. | 9.8 | 0.88% | 2023-12-07 | 2026-06-17 |
| CVE-2024-1644 | Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI. | 9.9 | 0.86% | 2024-02-19 | 2026-06-17 |
| CVE-2022-45475 | Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. | 6.5 | 0.85% | 2022-11-25 | 2026-06-17 |
| CVE-2023-46800 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.83% | 2023-11-07 | 2026-06-17 |
| CVE-2023-46793 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.83% | 2023-11-07 | 2026-06-17 |
| CVE-2023-46789 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.83% | 2023-11-07 | 2026-06-17 |
| CVE-2023-46788 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.83% | 2023-11-07 | 2026-06-17 |
| CVE-2023-46787 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.83% | 2023-11-07 | 2026-06-17 |
| CVE-2023-46785 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.83% | 2023-11-07 | 2026-06-17 |
| CVE-2023-46679 | Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.83% | 2023-11-07 | 2026-06-17 |
| CVE-2023-46677 | Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.83% | 2023-11-07 | 2026-06-17 |
| CVE-2025-54084 | OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | 8.5 | 0.82% | 2025-09-09 | 2026-06-17 |
| CVE-2022-25228 | CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter | 6.5 | 0.81% | 2022-08-18 | 2026-06-17 |
| CVE-2023-44166 | The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.80% | 2023-09-28 | 2026-06-17 |
| CVE-2023-44164 | The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.80% | 2023-09-28 | 2026-06-17 |
| CVE-2023-44163 | The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.80% | 2023-09-28 | 2026-06-17 |
| CVE-2023-43739 | The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.80% | 2023-09-28 | 2026-06-17 |
| CVE-2022-42745 | CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE. | 7.5 | 0.80% | 2022-11-03 | 2026-06-17 |
| CVE-2025-6998 | ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1. | 8.7 | 0.79% | 2025-07-24 | 2026-06-17 |