Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.8 HIGH
CVE-2018-25413 — AiOPMSD Final 1.0.0 SQL Injection via search.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
9.8 CRITICAL
CVE-2018-25412 — Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form…

Remote | Authentication
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.8 HIGH
CVE-2018-25411 — MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter.…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
7.1 HIGH
CVE-2018-25410 — SIM-PKH 2.4.1 SQL Injection via media.php id Parameter

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send G…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.8 HIGH
CVE-2018-25409 — SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload …

Remote | Misconfiguration
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.7 HIGH
CVE-2018-25408 — The Open ISES Project 3.30A Path Traversal Arbitrary File Download

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename pa…

Remote | Path Traversal
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.8 HIGH
CVE-2018-25407 — eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.8 HIGH
CVE-2018-25406 — eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.8 HIGH
CVE-2018-25405 — eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
0.0 NA
CVE-2026-10126 — Edimax BR-6478AC POST Request formQoS buffer overflow

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the…

| Memory Corruption
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
9.0 HIGH
CVE-2026-10120 — TRENDnet TEW-432BRP formSetFirewallRule stack-based overflow

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewal…

Remote | Memory Corruption
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
9.0 HIGH
CVE-2026-10119 — TRENDnet TEW-432BRP formSetMACFilter stack-based overflow

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name…

Remote | Memory Corruption
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
0.0 NA
CVE-2026-46242 — eventpoll: fix ep_remove struct eventpoll / struct file UAF

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_l…

| Memory Corruption
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
4.3 MEDIUM
CVE-2026-10117 — Open5GS nghttp2-server.c ogs_pool_id_calloc denial of service

A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogs_pool_id_calloc in the library /lib/sbi/nghttp2-server.c. Executing a manipulation can lead to denial of serv…

Remote | Denial of Service
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
4.3 MEDIUM
CVE-2026-10116 — Open5GS ue-authentications Endpoint ogs-timer.c ogs_sbi_xact_add denial of service

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_sbi_xact_add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint.…

Remote | Denial of Service
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
4.3 MEDIUM
CVE-2026-10115 — Open5GS Shared NF-profile nnrf-handler.c denial of service

A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial …

Remote | Denial of Service
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
4.3 MEDIUM
CVE-2026-10114 — Open5GS Shared NF-profile nnrf-handler.c handle_scp_info out-of-bounds write

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle_scp_info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This man…

Remote | Memory Corruption
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
7.5 HIGH
CVE-2026-9757 — GEO my WP <= 4.5.5 - Unauthenticated SQL Injection via 'swlatlng' / 'nelatlng' Parameters

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $_SERVER['QUERY…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
8.8 HIGH
CVE-2026-7465 — Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution …

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible f…

Remote | Injection
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
7.5 HIGH
CVE-2026-7459 — Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subsc…

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the ev…

Remote | Authentication
May 30, 2026 May 30, 2026
May 30, 2026
May 30, 2026
Showing 20 of 6972 Results