Total CVEs

140,356

Critical Severity

3,747

High Severity

13,524

Last 7 Days

1,771
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 7,341 - 7,360 of 36,761 CVEs
CVE-2018-25417 HIGH - 8.2

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extract s...

Vendor: Aiopmsd
Product: AiOPMSD Final
Published: May 30, 2026
Source: NVD
CVE-2018-25416 HIGH - 8.2

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extract s...

Vendor: Aiopmsd
Product: AiOPMSD Final
Published: May 30, 2026
Source: NVD
CVE-2018-25415 HIGH - 8.2

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to extrac...

Vendor: Aiopmsd
Product: AiOPMSD Final
Published: May 30, 2026
Source: NVD
CVE-2018-25414 HIGH - 8.2

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract sensiti...

Vendor: Aiopmsd
Product: AiOPMSD Final
Published: May 30, 2026
Source: NVD
CVE-2018-25413 HIGH - 8.2

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database in...

Vendor: Aiopmsd
Product: AiOPMSD Final
Published: May 30, 2026
Source: NVD
CVE-2018-25412 CRITICAL - 9.8

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them...

Vendor: Deltasql
Product: Delta Sql
Published: May 30, 2026
Source: NVD
CVE-2018-25411 HIGH - 8.2

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id...

Vendor: M-Gb
Product: MGB OpenSource Guestbook
Published: May 30, 2026
Source: NVD
CVE-2018-25410 HIGH - 7.1

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters contai...

Vendor: Simpkh
Product: SIM-PKH
Published: May 30, 2026
Source: NVD
CVE-2018-25409 HIGH - 8.8

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi_pengurus.php endpoint with module=pengurus and act=update parameters, which ar...

Vendor: Simpkh
Product: SIM-PKH
Published: May 30, 2026
Source: NVD
CVE-2018-25408 HIGH - 7.5

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to access f...

Vendor: Openises
Product: Open ISES Project
Published: May 30, 2026
Source: NVD
CVE-2018-25407 HIGH - 8.2

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across publisher,...

Vendor: Endonesia
Product: eNdonesia Portal
Published: May 30, 2026
Source: NVD
CVE-2018-25406 HIGH - 8.2

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across publisher,...

Vendor: Endonesia
Product: eNdonesia Portal
Published: May 30, 2026
Source: NVD
CVE-2018-25405 HIGH - 8.2

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract sensit...

Vendor: Endonesia
Product: eNdonesia Portal
Published: May 30, 2026
Source: NVD
CVE-2026-10120 HIGH - 8.8

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. The attack can be executed remotely. The exploit is no...

Vendor: TRENDnet
Product: TEW-432BRP
Published: May 30, 2026
Source: NVD
CVE-2026-10119 HIGH - 8.8

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has...

Vendor: TRENDnet
Product: TEW-432BRP
Published: May 30, 2026
Source: NVD
CVE-2026-46242 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_lock but then kept using @file inside the critical section (is_file_epoll(), hlist_del_rcu() thr...

Vendor: Linux
Product: Linux
Published: May 30, 2026
Source: NVD
CVE-2026-10117 MEDIUM - 4.3

A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogs_pool_id_calloc in the library /lib/sbi/nghttp2-server.c. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been made available to the public and could...

Product: Open5GS
Published: May 30, 2026
Source: NVD
CVE-2026-10116 MEDIUM - 4.3

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_sbi_xact_add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The ex...

Product: Open5GS
Published: May 30, 2026
Source: NVD
CVE-2026-10115 MEDIUM - 4.3

A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be used....

Product: Open5GS
Published: May 30, 2026
Source: NVD
CVE-2026-10114 MEDIUM - 4.3

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle_scp_info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been publ...

Product: Open5GS
Published: May 30, 2026
Source: NVD