|
3251
|
8.1 |
HIGH
Network
|
-
|
-
|
OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable…
|
CWE-89
SQL Injection
|
CVE-2026-49490
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3252
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Lightweight Music Server (LMS) though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metad…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48559
|
2026-06-2 01:55 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3253
|
7.5 |
HIGH
Network
|
-
|
-
|
Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers t…
|
CWE-125
CWE-754
Out-of-bounds Read
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-39929
|
2026-06-2 01:52 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3254
|
8.2 |
HIGH
Network
|
-
|
-
|
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…
|
CWE-89
SQL Injection
|
CVE-2018-25405
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3255
|
8.2 |
HIGH
Network
|
-
|
-
|
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…
|
CWE-89
SQL Injection
|
CVE-2018-25406
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3256
|
8.2 |
HIGH
Network
|
-
|
-
|
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A…
|
CWE-89
SQL Injection
|
CVE-2018-25407
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3257
|
7.5 |
HIGH
Network
|
-
|
-
|
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename pa…
|
CWE-22
Path Traversal
|
CVE-2018-25408
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3258
|
8.8 |
HIGH
Network
|
-
|
-
|
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-25409
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3259
|
7.1 |
HIGH
Network
|
-
|
-
|
SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send G…
|
CWE-89
SQL Injection
|
CVE-2018-25410
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3260
|
8.2 |
HIGH
Network
|
-
|
-
|
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter.…
|
CWE-89
SQL Injection
|
CVE-2018-25411
|
2026-06-2 01:51 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
