Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.9 MEDIUM
CVE-2018-25198 — eToolz 3.4.8.0 Denial of Service via Buffer Overflow

eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255…

| Denial of Service
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.8 HIGH
CVE-2018-25197 — PlayJoom 0.10.1 SQL Injection via catid Parameter

PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can s…

Remote | Injection
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.8 HIGH
CVE-2018-25196 — ServerZilla 1.0 SQL Injection via email Parameter

ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST…

Remote | Injection
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.8 HIGH
CVE-2018-25194 — Nominas 0.27 SQL Injection via username Parameter

Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can s…

Remote | Injection
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.7 HIGH
CVE-2018-25193 — Mongoose Web Server 6.9 Denial of Service via Socket Connection

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create conne…

Remote | Denial of Service
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.8 HIGH
CVE-2018-25192 — GPS Tracking System 2.12 SQL Injection via username Parameter

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can sub…

Remote | Injection
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
7.1 HIGH
CVE-2018-25191 — Facturation System 1.0 SQL Injection via editar_producto.php

Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. Attacke…

Remote | Injection
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
6.9 MEDIUM
CVE-2018-25190 — Easyndexer 1.0 Cross-Site Request Forgery via createuser.php

Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft mali…

Remote | Cross-Site Request Forgery
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.8 HIGH
CVE-2018-25189 — Data Center Audit 2.6.2 SQL Injection via username Parameter

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit…

Remote | Injection
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.8 HIGH
CVE-2018-25188 — Webiness Inventory 2.3 SQL Injection via WsModelGrid.php

Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attacker…

Remote | Injection
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.8 HIGH
CVE-2018-25187 — Tina4 Stack 1.0.3 SQL Injection and Database File Download

Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db …

Remote | Information Disclosure
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
6.9 MEDIUM
CVE-2018-25186 — Tina4 Stack 1.0.3 Cross-Site Request Forgery via profile

Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can …

Remote | Cross-Site Request Forgery
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
6.9 MEDIUM
CVE-2018-25184 — Surreal ToDo 0.6.1.2 Local File Inclusion via index.php

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory …

| Path Traversal
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.8 HIGH
CVE-2018-25182 — Silurus Classifieds Script 2.0 SQL Injection via wcategory.php

Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Att…

Remote | Injection
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.7 HIGH
CVE-2018-25181 — Musicco 2.0.0 Arbitrary Directory Download via Path Traversal

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory trav…

Remote | Path Traversal
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
7.1 HIGH
CVE-2018-25180 — Maitra 1.7.2 SQL Injection and Database File Download

Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmai…

Remote | Injection
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.8 HIGH
CVE-2018-25179 — Gumbo CMS 0.99 SQL Injection via settings endpoint

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can…

Remote | Injection
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.7 HIGH
CVE-2018-25178 — Easyndexer 1.0 Arbitrary File Download via showtif.php

Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests…

Remote | Path Traversal
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
6.9 MEDIUM
CVE-2018-25177 — Data Center Audit 2.6.2 Cross-Site Request Forgery via dca_resetpw.php

Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attacker…

Remote | Cross-Site Request Forgery
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
8.8 HIGH
CVE-2018-25176 — Alive Parish 2.0.4 SQL Injection and Arbitrary File Upload

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search e…

Remote | Injection
Mar 06, 2026 Mar 06, 2026
Mar 06, 2026
Mar 06, 2026
Showing 20 of 5141 Results