|
3841
|
- |
|
-
|
-
|
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings…
|
CWE-79
CWE-639
Cross-site Scripting
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45551
|
2026-05-30 01:29 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3842
|
8.7 |
HIGH
Network
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48527
|
2026-05-30 01:29 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3843
|
9.8 |
CRITICAL
Network
|
-
|
-
|
manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-10042
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3844
|
8.2 |
HIGH
Network
|
-
|
-
|
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted …
|
CWE-89
SQL Injection
|
CVE-2018-25382
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3845
|
8.4 |
HIGH
Local
|
-
|
-
|
Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation.…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2018-25383
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3846
|
8.2 |
HIGH
Network
|
-
|
-
|
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai parame…
|
CWE-89
SQL Injection
|
CVE-2018-25385
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3847
|
8.2 |
HIGH
Network
|
-
|
-
|
HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticate…
|
CWE-89
SQL Injection
|
CVE-2018-25386
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3848
|
5.3 |
MEDIUM
Network
|
-
|
-
|
HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft…
|
CWE-352
Origin Validation Error
|
CVE-2018-25387
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3849
|
8.8 |
HIGH
Network
|
-
|
-
|
HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through mu…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-25388
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3850
|
8.2 |
HIGH
Network
|
-
|
-
|
HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-…
|
CWE-89
SQL Injection
|
CVE-2018-25389
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
