Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.7 HIGH
CVE-2026-10069 — Shibby Tomato miniupnpd resource consumption

A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. The attack may be la…

tomato | Remote | Denial of Service
May 29, 2026 Jun 02, 2026
May 29, 2026
Jun 02, 2026
7.5 HIGH
CVE-2026-10068 — Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side req…

tomato | Remote | Server-Side Request Forgery
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
9.0 HIGH
CVE-2026-10067 — Shibby Tomato multimon.cgi sub_90F0 stack-based overflow

A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched rem…

tomato | Remote | Memory Corruption
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
9.0 HIGH
CVE-2026-10066 — Shibby Tomato UPS Service tomatoups.cgi sub_9068 stack-based overflow

A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stac…

tomato | Remote | Memory Corruption
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
9.0 HIGH
CVE-2026-10065 — Shibby Tomato tomatodata.cgi get_ups_field stack-based overflow

A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack…

tomato | Remote | Memory Corruption
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
9.8 CRITICAL
CVE-2026-10064 — TRENDnet TEW-432BRP formSetPortTr stack-based overflow

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name r…

tew-432brp tew-432brp_firmware tew-432brp | Remote | Memory Corruption
May 29, 2026 Jun 03, 2026
May 29, 2026
Jun 03, 2026
8.8 HIGH
CVE-2018-25404 — The Open ISES Project 3.30A SQL Injection via add_facnote.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter.…

Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.8 HIGH
CVE-2018-25403 — The Open ISES Project 3.30A SQL Injection via city_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack…

Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.8 HIGH
CVE-2018-25402 — The Open ISES Project 3.30A SQL Injection via inc_types_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack…

Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.8 HIGH
CVE-2018-25401 — The Open ISES Project 3.30A SQL Injection via sever_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack…

Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.8 HIGH
CVE-2018-25400 — The Open ISES Project 3.30A SQL Injection via form_post.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Atta…

Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.8 HIGH
CVE-2018-25399 — The Open ISES Project 3.30A SQL Injection via nearby.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_ln…

Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.8 HIGH
CVE-2018-25398 — The Open ISES Project 3.30A SQL Injection via main.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter…

Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
6.9 MEDIUM
CVE-2018-25397 — PHP-SHOP 1.0 Cross-Site Request Forgery via users.php

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated …

Remote | Cross-Site Request Forgery
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.7 HIGH
CVE-2018-25396 — Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attac…

wifi_thermostat | Remote | Information Disclosure
May 29, 2026 Jun 01, 2026
May 29, 2026
Jun 01, 2026
8.8 HIGH
CVE-2018-25395 — Kados R10 GreenBee SQL Injection via update_feature.php

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of board…

kados | Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.8 HIGH
CVE-2018-25394 — Kados R10 GreenBee SQL Injection via update_release.php

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of board…

kados | Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
7.1 HIGH
CVE-2018-25393 — Navigate CMS 2.8.5 Path Traversal via navigate_download.php

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can se…

Remote | Path Traversal
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
7.1 HIGH
CVE-2018-25392 — MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity f…

maxon | Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.7 HIGH
CVE-2018-25391 — HaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record Deletion

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target rec…

Remote | Authorization
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
Showing 20 of 7241 Results