192 matches found
CVE-2026-5018

creationtimestamp | type | source
---|---|---
2026-03-29 00:34:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mi5vn3bhid2s
2026-03-29 01:15:46+00:00 | published-proof-of-concept | Telegram/2ZCZ0X-UsuKs7wtR6ZGpeXrnXUtKYHoBRWUbFIBTrMUhlY
2026-03-29 01:53:25+00:00 | seen | ...

CVE-2026-5018 code-projects Simple Food Order System Parameter register-router.php sql injection
A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...
CVE-2026-5018
A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...
Siemens SIMATIC S7-1500 Use After Free (CVE-2019-5018)
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...
CVE-2025-53410 File Station 5
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...
EUVD-2017-6315
Malware in sbrugna...
CVE-2025-5018

creationtimestamp | type | source
---|---|---
2025-06-06 07:32:25+00:00 | seen | Telegram/TeB6u0cRcgm4Z57WWM6dLDMUNimVLv6dDJXV21QEae9BFw0...

CVE-2025-5018 Hive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox
The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings and hive_lite_support_get_all_binbox functions in all versions up to, and including, 1.2.5. This makes it possible for authenticated...
WordPress Hive Support plugin <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox vulnerability
Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox vulnerability discovered by Vo Thi Ngoc Nhi in WordPress Plugin Hive Support versions <= 1.2.5...
CVE-2010-5018
Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter...
CVE-2014-5018
Incomplete blacklist vulnerability in the autoEscape function in commonhelper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume...
Linux Distros Unpatched Vulnerability : CVE-2016-5018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a...
CVE-2024-5018
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists in Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows reading of any file from the application's web-root directory...
CVE-2024-5018
Progress WhatsUp Gold contains a Path Traversal vulnerability (CVE-2024-5018) in the LoadNMScript path, affecting versions released before 2023.1.3. The issue resides in Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript and allows reading files from the application's web-root without au...
RHEL 5 : tomcat5 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: security manager bypass via IntrospectHelper utility function CVE-2016-5018 - tomcat: Remote Code...
CVE-2023-5018 SourceCodester Lost and Found Information System POST Parameter sql injection
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is...
CVE-2023-5018
SourceCodester Lost and Found Information System 1.0 has a SQL injection in the POST Parameter Handler, specifically via the id parameter in /classes/Master.php?f=save_category. The issue is triggered by manipulating id, enabling remote exploitation and impacting confidentiality, integrity, and a...
BELL-CVE-2019-5018 CVE-2019-5018 does not affect BellSoft software
Bulletin has no description...
Debian: Security Advisory (DLA-746-1)
The remote host is missing an update for the Debian...