|
2451
|
8.0 |
HIGH
Network
|
-
|
-
|
An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the force_download.php component
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-37266
|
2026-05-30 01:32 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2452
|
7.5 |
HIGH
Network
|
-
|
-
|
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, a Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in…
|
CWE-22
Path Traversal
|
CVE-2026-44594
|
2026-05-30 01:32 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2453
|
5.3 |
MEDIUM
Network
|
-
|
-
|
TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an e…
|
CWE-203
CWE-208
Information Exposure Through Discrepancy
Information Exposure Through Timing Discrepancy
|
CVE-2026-45410
|
2026-05-30 01:32 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2454
|
8.1 |
HIGH
Network
|
-
|
-
|
Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcem…
|
CWE-22
Path Traversal
|
CVE-2026-44973
|
2026-05-30 01:32 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2455
|
8.2 |
HIGH
Network
|
-
|
-
|
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter…
|
CWE-89
SQL Injection
|
CVE-2018-25398
|
2026-05-30 01:32 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2456
|
8.2 |
HIGH
Network
|
-
|
-
|
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_ln…
|
CWE-89
SQL Injection
|
CVE-2018-25399
|
2026-05-30 01:32 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2457
|
8.2 |
HIGH
Network
|
-
|
-
|
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Atta…
|
CWE-89
SQL Injection
|
CVE-2018-25400
|
2026-05-30 01:32 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2458
|
8.2 |
HIGH
Network
|
-
|
-
|
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack…
|
CWE-89
SQL Injection
|
CVE-2018-25401
|
2026-05-30 01:32 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2459
|
8.2 |
HIGH
Network
|
-
|
-
|
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack…
|
CWE-89
SQL Injection
|
CVE-2018-25402
|
2026-05-30 01:32 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2460
|
8.2 |
HIGH
Network
|
-
|
-
|
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack…
|
CWE-89
SQL Injection
|
CVE-2018-25403
|
2026-05-30 01:32 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
