CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/30 4:17 p.m.•12 views

CVE-2018-25406

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS0.0009EPSS

NVD•added 2026/05/30 4:16 p.m.•11 views

CVE-2018-25405

8.8CVSS0.0009EPSS

ATTACKERKB•added 2026/05/30 2:55 p.m.•6 views

CVE-2018-25406

8.8CVSS6.2AI score0.0009EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/30 2:55 p.m.•5 views

EUVD-2018-21928

8.8CVSS6.2AI score0.0009EPSS

ATTACKERKB•added 2026/05/30 2:55 p.m.•5 views

CVE-2018-25405

Exploits0References4Affected Software1

EUVD•added 2026/05/30 2:55 p.m.•6 views

EUVD-2018-21927

CNNVD•added 2026/05/30 12:0 a.m.•4 views

eNdonesia Portal SQL注入漏洞

eNdonesia Portal is a system platform developed by eNdonesia’s individual developers, offering functions for portal content management and information publishing. Version 8.7 of eNdonesia Portal has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through...

CNNVD•added 2026/05/30 12:0 a.m.•4 views

eNdonesia Portal SQL注入漏洞

Snyk•added 2026/05/05 3:27 p.m.•5 views

Malicious Package

Overview @infinid-indonesia/ui-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score

Exploits0References2

RedhatCVE•added 2026/03/26 2:56 p.m.•3 views

CVE-2019-25643

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

8.8CVSS6.2AI score0.00051EPSS

Exploits0References1

Cvelist•added 2026/03/24 11:27 a.m.•19 views

CVE-2019-25643 eNdonesia Portal v8.7 SQL Injection via banners.php

8.8CVSS0.00051EPSS

Positive Technologies•added 2026/03/24 12:0 a.m.•0 views

PT-2026-27377

8.8CVSS6.2AI score0.00051EPSS

Exploits0References5

The Hacker News•added 2026/02/04 2:9 p.m.•7 views

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker...

8.8CVSS8.5AI score0.11605EPSS

Exploits34

Patchstack•added 2026/02/02 8:49 a.m.•3 views

WordPress FluentForm plugin <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Joel Indra - Monarch Digital Indonesia in WordPress Plugin FluentForm versions = 5.1.19...

5.5CVSS5.3AI score0.00216EPSS

Exploits0References1Affected Software1

The Hacker News•added 2025/12/04 9:27 a.m.•5 views

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing...

7AI score

Packet Storm News•added 2025/11/20 12:0 a.m.•4 views

Autumn Dragon: China-Nexus APT Group Target South East Asia

This report details Autumn Dragon, a sustained, multi-month espionage campaign against the government, media, and news sectors in several countries including Laos, Cambodia, Singapore, the Philippines and Indonesia...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•6 views

Malicious code in passport-auth0-levels-biomimicry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b0bee65acdf68a6737b8995d1143686b1ef9027fdabf5ae14fdd070cbbf7242 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•3 views

Malicious code in interface-stack-mock-execute-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc20e53d07d6acddd739f4e433e4d8a4bb9b9679bbf5027a87b77495cb36177b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•4 views

Malicious code in hyperion-hermes-version-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15cf735cb22bc6f6c69e8c0af04d9a49053ea95e2438caf22b90dd1226fbc2e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...