Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.3 MEDIUM
CVE-2018-25354 — Joomla Component jomres 9.11.2 Cross-Site Request Forgery

Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pag…

Remote | Cross-Site Request Forgery
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.8 HIGH
CVE-2018-25353 — Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accou…

Remote | Authentication
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
7.1 HIGH
CVE-2018-25352 — WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code th…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.2 HIGH
CVE-2018-25351 — Joomla! Component EkRishta 2.10 SQL Injection via username

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the usernam…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
9.8 CRITICAL
CVE-2018-25350 — userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php

userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. At…

Remote | Authentication
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
6.1 MEDIUM
CVE-2018-25349 — userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the ba…

Remote | Cross-Site Scripting
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.2 HIGH
CVE-2018-25348 — Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attacker…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
7.1 HIGH
CVE-2018-25347 — WordPress Contact Form Maker Plugin 1.12.20 SQL Injection

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_f…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
7.1 HIGH
CVE-2018-25346 — WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMa…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.4 HIGH
CVE-2018-25345 — 10-Strike Network Scanner 3.0 Local Buffer Overflow SEH

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft…

| Memory Corruption
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.4 HIGH
CVE-2018-25344 — 10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering …

| Memory Corruption
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
4.3 MEDIUM
CVE-2018-25343 — Smartshop 1 Cross-Site Request Forgery via editprofile.php

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft H…

Remote | Cross-Site Request Forgery
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.2 HIGH
CVE-2018-25342 — Smartshop 1 SQL Injection via search.php

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in sear…

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.2 HIGH
CVE-2018-25341 — Smartshop 1 SQL Injection via product.php id Parameter

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET …

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
8.2 HIGH
CVE-2018-25340 — Smartshop 1 SQL Injection via category.php

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET …

Remote | Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-9306 — QuantumNous new-api Midjourney Image Relay Endpoint relay-router.go GetByOnlyMJId authori…

A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjou…

| Authorization
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-9305 — QuantumNous new-api self Endpoint topup.go SearchAllTopUps sql injection

A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. Th…

| Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-9304 — calcom cal.diy Logo API route.ts validateUrlForSSRF server-side request forgery

A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The ma…

| Server-Side Request Forgery
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-9303 — calcom cal.diy cross-site request forgery

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Th…

| Cross-Site Request Forgery
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
0.0 NA
CVE-2026-9302 — 546669204 vps-inventory-monitoring VpsTest Console VpsTest.php eval code injection

A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of …

| Injection
May 23, 2026 May 23, 2026
May 23, 2026
May 23, 2026
Showing 20 of 5904 Results