This list aggregates NVD, CVE, and multi-source threat feeds and provides deep analysis of high-risk threats such as RCE. By integrating the CVSS and EPSS models, the system dynamically tracks exploit resources and PoC availability to accurately assess exploitability. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-45323 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-02 | 2026-06-17 |
| CVE-2023-45111 | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-01 | 2026-06-17 |
| CVE-2023-45019 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-01 | 2026-06-17 |
| CVE-2023-45018 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-01 | 2026-06-17 |
| CVE-2023-45015 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.70% | 2023-11-01 | 2026-06-17 |
| CVE-2024-1648 | electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. | 7.5 | 0.69% | 2024-02-19 | 2026-06-17 |
| CVE-2024-1647 | Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. | 7.5 | 0.69% | 2024-02-19 | 2026-06-17 |
| CVE-2022-25221 | Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript code. | 6.1 | 0.69% | 2022-03-23 | 2026-06-17 |
| CVE-2023-0357 | Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket. | 6.1 | 0.69% | 2023-04-04 | 2026-06-17 |
| CVE-2023-0325 | Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket. | 6.1 | 0.69% | 2023-04-04 | 2026-06-17 |
| CVE-2023-44267 | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | 0.68% | 2023-10-26 | 2026-06-17 |
| CVE-2026-2293 | A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13. | 8.2 | 0.68% | 2026-02-27 | 2026-06-17 |
| CVE-2022-0698 | Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. | 6.1 | 0.68% | 2022-11-25 | 2026-06-17 |
| CVE-2023-5011 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 | 0.67% | 2023-12-20 | 2026-06-17 |
| CVE-2023-5010 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 | 0.67% | 2023-12-20 | 2026-06-17 |
| CVE-2023-5007 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 | 0.67% | 2023-12-20 | 2026-06-17 |
| CVE-2023-45121 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 | 0.67% | 2023-12-21 | 2026-06-17 |
| CVE-2023-45119 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 | 0.67% | 2023-12-21 | 2026-06-17 |
| CVE-2023-45118 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 | 0.67% | 2023-12-21 | 2026-06-17 |
| CVE-2023-45116 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 | 0.67% | 2023-12-21 | 2026-06-17 |