Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

104987 matches found

Positive Technologies
Positive Technologiesadded 2026/05/24 12:0 a.m.12 views

PT-2026-42918

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn version 1.28a Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists in the formwlencrypt24g function within the '/goform/formwlencrypt24g' endpoint when manipulating...

9CVSS7.5AI score0.00445EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/23 10:45 p.m.7 views

CVE-2026-9343 Edimax EW-7438RPn webs formWpsStart os command injection

A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argument pinCode causes os command injection. Remote exploitation of the attack is possible. The explo...

6.5CVSS6.3AI score0.01519EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/23 10:15 p.m.13 views

CVE-2026-9342 SourceCodester Hospitals Patient Records Management System view_history.php sql injection

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/viewhistory.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has be...

6.5CVSS0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/23 10:15 p.m.10 views

CVE-2026-9342

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/viewhistory.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has be...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5Affected Software1
NVD
NVDadded 2026/05/23 7:16 p.m.10 views

CVE-2018-25358

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

8.7CVSS0.00585EPSS
Exploits0References5
NVD
NVDadded 2026/05/23 7:16 p.m.11 views

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

9.8CVSS0.01701EPSS
Exploits1References4
NVD
NVDadded 2026/05/23 7:16 p.m.11 views

CVE-2018-25347

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...

7.1CVSS0.00214EPSS
Exploits0References3
NVD
NVDadded 2026/05/23 7:16 p.m.8 views

CVE-2018-25342

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVDadded 2026/05/23 7:16 p.m.11 views

CVE-2018-25348

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...

8.8CVSS0.00358EPSS
Exploits0References4
OSV
OSVadded 2026/05/23 7:16 p.m.5 views

UBUNTU-CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

9.8CVSS6.7AI score0.01701EPSS
Exploits1References7
UbuntuCve
UbuntuCveadded 2026/05/23 7:16 p.m.11 views

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

9.8CVSS6.7AI score0.01701EPSS
Exploits1References5
Cvelist
Cvelistadded 2026/05/23 6:32 p.m.17 views

CVE-2018-25357 Dolibarr ERP CRM 7.0.3 Remote Code Execution via install/step1.php

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

9.8CVSS0.01701EPSS
Exploits1References4
CVE
CVEadded 2026/05/23 6:32 p.m.24 views

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability. An unauthenticated attacker can inject PHP into the db_name parameter via a POST to install/step1.php , then trigger code execution through the check.php endpoint using the cmd parameter. The CVE documents indicate a critical ...

9.8CVSS6.7AI score0.01701EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/23 6:32 p.m.7 views

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

9.8CVSS6.7AI score0.01701EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/23 6:30 p.m.5 views

CVE-2018-25358 D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

8.7CVSS5.8AI score0.00585EPSS
Exploits0References5
CVE
CVEadded 2026/05/23 6:30 p.m.30 views

CVE-2018-25358

The CVE-2018-25358 entry concerns the D-Link DIR-601 (firmware 2.02NA) where an unauthenticated attacker can disclose credentials via /my_cgi.cgi by manipulating the table_name parameter in POST requests. Affected data includes administrative credentials and wireless keys, exposed in cleartext. T...

8.7CVSS5.8AI score0.00585EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/23 6:30 p.m.12 views

CVE-2018-25358

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

8.7CVSS5.8AI score0.00585EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/23 6:30 p.m.11 views

EUVD-2018-21880

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

8.7CVSS5.8AI score0.00585EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/23 6:30 p.m.7 views

CVE-2018-25352

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/23 6:30 p.m.11 views

EUVD-2018-21872

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
Rows per page
Query Builder