Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2018-25416 — AiOPMSD Final 1.0.0 SQL Injection via country.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25415 — AiOPMSD Final 1.0.0 SQL Injection via director Parameter

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attacker…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25414 — AiOPMSD Final 1.0.0 SQL Injection via actor.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers c…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25413 — AiOPMSD Final 1.0.0 SQL Injection via search.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2018-25412 — Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form…

deltasql | Remote | Authentication
May 30, 2026 Jun 03, 2026
May 30, 2026
Jun 03, 2026
8.8 HIGH
CVE-2018-25411 — MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter.…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
7.1 HIGH
CVE-2018-25410 — SIM-PKH 2.4.1 SQL Injection via media.php id Parameter

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send G…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25409 — SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload …

Remote | Misconfiguration
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.7 HIGH
CVE-2018-25408 — The Open ISES Project 3.30A Path Traversal Arbitrary File Download

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename pa…

Remote | Path Traversal
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25407 — eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25406 — eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25405 — eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
9.0 HIGH
CVE-2026-10120 — TRENDnet TEW-432BRP formSetFirewallRule stack-based overflow

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewal…

tew-432brp | Remote | Memory Corruption
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
9.0 HIGH
CVE-2026-10119 — TRENDnet TEW-432BRP formSetMACFilter stack-based overflow

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name…

tew-432brp | Remote | Memory Corruption
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
Showing 20 of 7234 Results