Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-9342 — SourceCodester Hospitals Patient Records Management System view_history.php sql injection

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation o…

| Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
9.8 CRITICAL
CVE-2018-25357 — Dolibarr ERP CRM 7.0.3 Remote Code Evaluation via install/step1.php

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers c…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.7 HIGH
CVE-2018-25358 — D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST req…

Remote | Information Disclosure
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.6 HIGH
CVE-2018-25356 — SIPp 3.6 Local Buffer Overflow via Command-line Arguments

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can tri…

| Memory Corruption
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.6 HIGH
CVE-2018-25355 — Audiograbber 1.83 Local Buffer Overflow via SEH

Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious …

| Memory Corruption
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
5.3 MEDIUM
CVE-2018-25354 — Joomla Component jomres 9.11.2 Cross-Site Request Forgery

Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pag…

Remote | Cross-Site Request Forgery
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.8 HIGH
CVE-2018-25353 — Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accou…

Remote | Authentication
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
7.1 HIGH
CVE-2018-25352 — WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code th…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.8 HIGH
CVE-2018-25351 — Joomla! Component EkRishta 2.10 SQL Injection via username

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the usernam…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
9.8 CRITICAL
CVE-2018-25350 — userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php

userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. At…

Remote | Authentication
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
6.1 MEDIUM
CVE-2018-25349 — userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the ba…

Remote | Cross-Site Scripting
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.8 HIGH
CVE-2018-25348 — Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attacker…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
7.1 HIGH
CVE-2018-25347 — WordPress Contact Form Maker Plugin 1.12.20 SQL Injection

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_f…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
7.1 HIGH
CVE-2018-25346 — WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMa…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.6 HIGH
CVE-2018-25345 — 10-Strike Network Scanner 3.0 Local Buffer Overflow SEH

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft…

| Memory Corruption
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.6 HIGH
CVE-2018-25344 — 10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering …

| Memory Corruption
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
5.3 MEDIUM
CVE-2018-25343 — Smartshop 1 Cross-Site Request Forgery via editprofile.php

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft H…

Remote | Cross-Site Request Forgery
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.8 HIGH
CVE-2018-25342 — Smartshop 1 SQL Injection via search.php

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in sear…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.8 HIGH
CVE-2018-25341 — Smartshop 1 SQL Injection via product.php id Parameter

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET …

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.8 HIGH
CVE-2018-25340 — Smartshop 1 SQL Injection via category.php

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET …

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
Showing 20 of 5936 Results