Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.0 HIGH
CVE-2026-10122 — TRENDnet TEW-432BRP formSetProtocolFilter stack-based overflow

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_na…

tew-432brp tew-432brp | Remote | Memory Corruption
May 30, 2026 Jun 03, 2026
May 30, 2026
Jun 03, 2026
9.0 HIGH
CVE-2026-10121 — TRENDnet TEW-432BRP formSetUrlFilter stack-based overflow

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keywor…

tew-432brp | Remote | Memory Corruption
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.7 HIGH
CVE-2018-25426 — WinMTR 0.91 Denial of Service via Buffer Overflow

WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers c…

winmtr | Remote | Denial of Service
May 30, 2026 Jun 03, 2026
May 30, 2026
Jun 03, 2026
8.8 HIGH
CVE-2018-25425 — Yot CMS 3.3.1 SQL Injection via aid and cid Parameters

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers …

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25424 — Gate Pass Management System 2.1 SQL Injection via login-exec.php

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters.…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
6.9 MEDIUM
CVE-2018-25423 — Arm Whois 3.11 Denial of Service via Buffer Overflow

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 byte…

| Denial of Service
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25422 — MOGG web simulator Script All Version SQL Injection via play.php

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attacke…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
7.1 HIGH
CVE-2018-25421 — Open STA Manager 2.3 Arbitrary File Download via Path Traversal

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules…

Remote | Path Traversal
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25420 — AiOPMSD Final 1.0.0 SQL Injection via watch.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers ca…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25419 — AiOPMSD Final 1.0.0 SQL Injection via genre.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers c…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25418 — AiOPMSD Final 1.0.0 SQL Injection via year.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers ca…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25417 — AiOPMSD Final 1.0.0 SQL Injection via quality.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25416 — AiOPMSD Final 1.0.0 SQL Injection via country.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25415 — AiOPMSD Final 1.0.0 SQL Injection via director Parameter

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attacker…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25414 — AiOPMSD Final 1.0.0 SQL Injection via actor.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers c…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25413 — AiOPMSD Final 1.0.0 SQL Injection via search.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
9.8 CRITICAL
CVE-2018-25412 — Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form…

deltasql | Remote | Authentication
May 30, 2026 Jun 03, 2026
May 30, 2026
Jun 03, 2026
8.8 HIGH
CVE-2018-25411 — MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter.…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
7.1 HIGH
CVE-2018-25410 — SIM-PKH 2.4.1 SQL Injection via media.php id Parameter

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send G…

Remote | Injection
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25409 — SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload …

Remote | Misconfiguration
May 30, 2026 Jun 01, 2026
May 30, 2026
Jun 01, 2026
Showing 20 of 7368 Results