|
161
|
8.2 |
HIGH
Network
|
-
|
-
|
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of board…
New
|
CWE-89
SQL Injection
|
CVE-2018-25394
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
8.2 |
HIGH
Network
|
-
|
-
|
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of board…
New
|
CWE-89
SQL Injection
|
CVE-2018-25395
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
5.3 |
MEDIUM
Network
|
-
|
-
|
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated …
New
|
CWE-352
Origin Validation Error
|
CVE-2018-25397
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stac…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-10066
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched rem…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-10067
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. The attack may be la…
New
|
CWE-400
CWE-404
Uncontrolled Resource Consumption
Improper Resource Shutdown or Release
|
CVE-2026-10069
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
- |
|
-
|
-
|
QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID
f…
New
|
CWE-384
Session Fixation
|
CVE-2026-33384
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
- |
|
-
|
-
|
QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-33386
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
- |
|
-
|
-
|
SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) due to improper handling of user supplied input in the user registration functionality in register.php.
New
|
-
|
CVE-2026-36324
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
8.8 |
HIGH
Network
|
-
|
-
|
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes docker logout ${respon…
New
|
CWE-78
OS Command
|
CVE-2026-45662
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
