Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.0 HIGH
CVE-2026-10124 — Shibby Tomato Zserv ripd rip_zebra_read_ipv4 stack-based overflow

A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead t…

tomato | Remote | Memory Corruption
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
9.0 HIGH
CVE-2026-10123 — TRENDnet TEW-432BRP formSetDomainFilter stack-based overflow

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_doma…

tew-432brp | Remote | Memory Corruption
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
9.0 HIGH
CVE-2026-10122 — TRENDnet TEW-432BRP formSetProtocolFilter stack-based overflow

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_na…

tew-432brp | Remote | Memory Corruption
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
9.0 HIGH
CVE-2026-10121 — TRENDnet TEW-432BRP formSetUrlFilter stack-based overflow

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keywor…

tew-432brp | Remote | Memory Corruption
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
7.5 HIGH
CVE-2018-25426 — WinMTR 0.91 Denial of Service via Buffer Overflow

WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers c…

Remote | Denial of Service
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25425 — Yot CMS 3.3.1 SQL Injection via aid and cid Parameters

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers …

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25424 — Gate Pass Management System 2.1 SQL Injection via login-exec.php

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters.…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
6.2 MEDIUM
CVE-2018-25423 — Arm Whois 3.11 Denial of Service via Buffer Overflow

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 byte…

| Denial of Service
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25422 — MOGG web simulator Script All Version SQL Injection via play.php

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attacke…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
6.5 MEDIUM
CVE-2018-25421 — Open STA Manager 2.3 Arbitrary File Download via Path Traversal

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules…

Remote | Path Traversal
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25420 — AiOPMSD Final 1.0.0 SQL Injection via watch.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers ca…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25419 — AiOPMSD Final 1.0.0 SQL Injection via genre.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers c…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25418 — AiOPMSD Final 1.0.0 SQL Injection via year.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers ca…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25417 — AiOPMSD Final 1.0.0 SQL Injection via quality.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25416 — AiOPMSD Final 1.0.0 SQL Injection via country.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25415 — AiOPMSD Final 1.0.0 SQL Injection via director Parameter

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attacker…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25414 — AiOPMSD Final 1.0.0 SQL Injection via actor.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers c…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25413 — AiOPMSD Final 1.0.0 SQL Injection via search.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
9.8 CRITICAL
CVE-2018-25412 — Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form…

Remote | Authentication
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.2 HIGH
CVE-2018-25411 — MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter.…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
Showing 20 of 6693 Results