|
4811
|
8.2 |
HIGH
Network
|
-
|
-
|
HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-…
|
CWE-89
SQL Injection
|
CVE-2018-25389
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4812
|
8.2 |
HIGH
Network
|
-
|
-
|
HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to lap-peserta-p…
|
CWE-89
SQL Injection
|
CVE-2018-25390
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4813
|
7.5 |
HIGH
Network
|
-
|
-
|
HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target rec…
|
CWE-862
Missing Authorization
|
CVE-2018-25391
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4814
|
7.1 |
HIGH
Network
|
-
|
-
|
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity f…
|
CWE-89
SQL Injection
|
CVE-2018-25392
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4815
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can se…
|
CWE-22
Path Traversal
|
CVE-2018-25393
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4816
|
8.2 |
HIGH
Network
|
-
|
-
|
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of board…
|
CWE-89
SQL Injection
|
CVE-2018-25394
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4817
|
8.2 |
HIGH
Network
|
-
|
-
|
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of board…
|
CWE-89
SQL Injection
|
CVE-2018-25395
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4818
|
5.3 |
MEDIUM
Network
|
-
|
-
|
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated …
|
CWE-352
Origin Validation Error
|
CVE-2018-25397
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4819
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stac…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-10066
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4820
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched rem…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-10067
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
