|
1961
|
8.2 |
HIGH
Network
|
-
|
-
|
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers …
|
CWE-89
SQL Injection
|
CVE-2018-25425
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1962
|
8.5 |
HIGH
Network
|
-
|
-
|
OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can in…
|
CWE-89
SQL Injection
|
CVE-2026-49489
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1963
|
8.1 |
HIGH
Network
|
-
|
-
|
OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable…
|
CWE-89
SQL Injection
|
CVE-2026-49490
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1964
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Lightweight Music Server (LMS) though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metad…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48559
|
2026-06-2 01:55 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1965
|
7.5 |
HIGH
Network
|
-
|
-
|
Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers t…
|
CWE-125
CWE-754
Out-of-bounds Read
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-39929
|
2026-06-2 01:52 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1966
|
8.2 |
HIGH
Network
|
-
|
-
|
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…
|
CWE-89
SQL Injection
|
CVE-2018-25405
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1967
|
8.2 |
HIGH
Network
|
-
|
-
|
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…
|
CWE-89
SQL Injection
|
CVE-2018-25406
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1968
|
8.2 |
HIGH
Network
|
-
|
-
|
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…
|
CWE-89
SQL Injection
|
CVE-2018-25407
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1969
|
7.5 |
HIGH
Network
|
-
|
-
|
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename pa…
|
CWE-22
Path Traversal
|
CVE-2018-25408
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1970
|
8.8 |
HIGH
Network
|
-
|
-
|
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-25409
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
