|
871
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 byte…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25423
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
872
|
8.2 |
HIGH
Network
|
-
|
-
|
Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters.…
New
|
CWE-89
SQL Injection
|
CVE-2018-25424
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
873
|
8.2 |
HIGH
Network
|
-
|
-
|
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers …
New
|
CWE-89
SQL Injection
|
CVE-2018-25425
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
874
|
8.5 |
HIGH
Network
|
-
|
-
|
OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can in…
New
|
CWE-89
SQL Injection
|
CVE-2026-49489
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
875
|
8.1 |
HIGH
Network
|
-
|
-
|
OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable…
New
|
CWE-89
SQL Injection
|
CVE-2026-49490
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
876
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Lightweight Music Server (LMS) though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metad…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48559
|
2026-06-2 01:55 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
877
|
7.5 |
HIGH
Network
|
-
|
-
|
Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers t…
Update
|
CWE-125
CWE-754
Out-of-bounds Read
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-39929
|
2026-06-2 01:52 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
878
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2018-25412
|
2026-06-2 01:52 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
879
|
8.2 |
HIGH
Network
|
-
|
-
|
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…
New
|
CWE-89
SQL Injection
|
CVE-2018-25405
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
880
|
8.2 |
HIGH
Network
|
-
|
-
|
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…
New
|
CWE-89
SQL Injection
|
CVE-2018-25406
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
