CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/24 12:0 a.m.•8 views

JPress 授权问题漏洞

JPress is a blog platform developed using the Java language by the JPress team. Versions of JPress 1.0.3 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper handling of the parameter id/userId in the UCenter Article Submission Endpoint component, which...

6.5CVSS6.7AI score0.00252EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•14 views

PT-2026-42944

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

7.5CVSS6.8AI score0.00254EPSS

CNNVD•added 2026/05/24 12:0 a.m.•8 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability arises from...

7.5CVSS7.2AI score0.00254EPSS

CNNVD•added 2026/05/24 12:0 a.m.•10 views

Projectworlds Online Art Gallery Shop SQL注入漏洞

Projectworlds Online Art Gallery Shop is an online art gallery store open source by Projectworlds. Version 1.0 of Projectworlds Online Art Gallery Shop has a SQL injection vulnerability. This vulnerability stems from improper handling of the parameter sociallinked in the file admin/adminHome.php,...

7.5CVSS7.2AI score0.00254EPSS

CNNVD•added 2026/05/24 12:0 a.m.•7 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.16 contained a security vulnerability. This vulnerability stemmed from unknown functions in the Slack Agent/Mattermost Agent components, which manipulated the...

6.9CVSS6.6AI score0.00336EPSS

Vulnrichment•added 2026/05/23 10:45 p.m.•7 views

CVE-2026-9343 Edimax EW-7438RPn webs formWpsStart os command injection

A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argument pinCode causes os command injection. Remote exploitation of the attack is possible. The explo...

6.5CVSS6.3AI score0.01519EPSS

Cvelist•added 2026/05/23 10:15 p.m.•15 views

CVE-2026-9342 SourceCodester Hospitals Patient Records Management System view_history.php sql injection

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/viewhistory.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has be...

6.5CVSS0.00192EPSS

ATTACKERKB•added 2026/05/23 10:15 p.m.•11 views

CVE-2026-9342

6.5CVSS6.5AI score0.00192EPSS

Exploits0References5Affected Software1

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

9.8CVSS0.01701EPSS

Exploits1References4

CVE-2018-25358

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

8.7CVSS0.00585EPSS

CVE-2018-25348

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...

8.8CVSS0.00358EPSS

NVD•added 2026/05/23 7:16 p.m.•10 views

CVE-2018-25347

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...

7.1CVSS0.00214EPSS

Exploits0References3

CVE-2018-25342

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

8.8CVSS0.00334EPSS

UbuntuCve•added 2026/05/23 7:16 p.m.•11 views

CVE-2018-25357

OSV•added 2026/05/23 7:16 p.m.•5 views

Exploits1References5

UBUNTU-CVE-2018-25357

Cvelist•added 2026/05/23 6:32 p.m.•17 views

Exploits1References7

CVE-2018-25357 Dolibarr ERP CRM 7.0.3 Remote Code Execution via install/step1.php

9.8CVSS0.01701EPSS

Exploits1References4

ATTACKERKB•added 2026/05/23 6:32 p.m.•7 views

CVE-2018-25357

CVE•added 2026/05/23 6:32 p.m.•25 views

Exploits1References4

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability. An unauthenticated attacker can inject PHP into the db_name parameter via a POST to install/step1.php , then trigger code execution through the check.php endpoint using the cmd parameter. The CVE documents indicate a critical ...

Exploits1References4Affected Software1

CVE•added 2026/05/23 6:30 p.m.•30 views

CVE-2018-25358

The CVE-2018-25358 entry concerns the D-Link DIR-601 (firmware 2.02NA) where an unauthenticated attacker can disclose credentials via /my_cgi.cgi by manipulating the table_name parameter in POST requests. Affected data includes administrative credentials and wireless keys, exposed in cleartext. T...

8.7CVSS5.8AI score0.00585EPSS