Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-41707 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public. | 6.5 | 0.79% | 2022-10-19 | 2026-06-17 |
| CVE-2022-25223 | Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. | 4.3 | 0.77% | 2022-03-23 | 2026-06-17 |
| CVE-2023-4316 | Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails. | 7.5 | 0.76% | 2023-09-28 | 2026-06-17 |
| CVE-2023-0959 | Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF. | 6.5 | 0.75% | 2023-04-05 | 2026-06-17 |
| CVE-2023-49666 | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.75% | 2024-01-04 | 2026-06-17 |
| CVE-2024-2692 | SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS. | 9.0 | 0.73% | 2024-04-03 | 2026-06-17 |
| CVE-2023-43013 | Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | 9.8 | 0.71% | 2023-09-28 | 2026-06-17 |
| CVE-2022-22702 | PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration. | 4.3 | 0.71% | 2022-01-10 | 2026-06-17 |
| CVE-2023-45347 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45346 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45345 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45344 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45343 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45342 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45341 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45340 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45338 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45336 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45334 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45325 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |