HIGH
CVE-2018-25416 (CVSS 8.2) — AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to...
NVD CVE-2018-25416 6d ago
HIGH
CVE-2018-25415 (CVSS 8.2) — AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to...
NVD CVE-2018-25415 6d ago
HIGH
CVE-2018-25414 (CVSS 8.2) — AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to...
NVD CVE-2018-25414 6d ago
HIGH
CVE-2018-25413 (CVSS 8.2) — AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to...
NVD CVE-2018-25413 6d ago
HIGH
CVE-2018-25411 (CVSS 8.2) — MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated...
NVD CVE-2018-25411 6d ago
HIGH
CVE-2018-25410 (CVSS 7.1) — SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute...
NVD CVE-2018-25410 6d ago
HIGH
CVE-2018-25409 (CVSS 8.8) — SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to...
NVD CVE-2018-25409 6d ago
HIGH
CVE-2018-25408 (CVSS 7.5) — The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoin...
NVD CVE-2018-25408 6d ago
HIGH
CVE-2018-25407 (CVSS 8.2) — eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated atta...
NVD CVE-2018-25407 6d ago
HIGH
CVE-2018-25406 (CVSS 8.2) — eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated atta...
NVD CVE-2018-25406 6d ago
HIGH
CVE-2018-25405 (CVSS 8.2) — eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated atta...
NVD CVE-2018-25405 6d ago
HIGH
CVE-2026-10120 (CVSS 8.8) — A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function fo...
NVD CVE-2026-10120 6d ago
HIGH
CVE-2026-10119 (CVSS 8.8) — A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function ...
NVD CVE-2026-10119 6d ago
HIGH
CVE-2026-9757 (CVSS 7.5) — The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' ...
NVD CVE-2026-9757 6d ago
HIGH
CVE-2026-7465 (CVSS 8.8) — The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerab...
NVD CVE-2026-7465 6d ago
HIGH
CVE-2026-7459 (CVSS 7.5) — The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to a...
NVD CVE-2026-7459 6d ago
HIGH
CVE-2026-10111 (CVSS 7.3) — A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function o...
NVD CVE-2026-10111 6d ago
HIGH
CVE-2026-10110 (CVSS 7.3) — A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an...
NVD CVE-2026-10110 6d ago
HIGH
CVE-2026-48557 (CVSS 8.8) — Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in Fil...
NVD CVE-2026-48557 7d ago
HIGH
CVE-2026-48555 (CVSS 7.4) — Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerabi...
NVD CVE-2026-48555 7d ago
HIGH
CVE-2026-46527 (CVSS 7.5) — cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, W...
NVD CVE-2026-46527 7d ago
HIGH
CVE-2026-44422 (CVSS 7.5) — FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR N...
NVD CVE-2026-44422 7d ago
HIGH
CVE-2026-49373 (CVSS 7.1) — In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection setti...
NVD CVE-2026-49373 7d ago
HIGH
CVE-2026-49371 (CVSS 7.1) — In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
NVD CVE-2026-49371 7d ago
HIGH
CVE-2026-49367 (CVSS 8) — In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
NVD CVE-2026-49367 7d ago
HIGH
CVE-2026-10108 (CVSS 7.5) — xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_pa...
NVD CVE-2026-10108 7d ago
HIGH
CVE-2026-10105 (CVSS 8.3) — agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that all...
NVD CVE-2026-10105 7d ago
HIGH
CVE-2026-48501 (CVSS 7.4) — GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly incl...
NVD CVE-2026-48501 7d ago
HIGH
CVE-2026-35674 (CVSS 8.8) — OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that ...
NVD CVE-2026-35674 7d ago
HIGH
CVE-2026-35630 (CVSS 8) — OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval bu...
NVD CVE-2026-35630 7d ago
HIGH
CVE-2026-32905 (CVSS 8.3) — OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair p...
NVD CVE-2026-32905 7d ago
HIGH
CVE-2026-10069 (CVSS 7.5) — A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of...
NVD CVE-2026-10069 7d ago
HIGH
CVE-2026-10067 (CVSS 8.8) — A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file mu...
NVD CVE-2026-10067 7d ago
HIGH
CVE-2026-10066 (CVSS 8.8) — A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the funct...
NVD CVE-2026-10066 7d ago
HIGH
CVE-2018-25404 (CVSS 8.2) — The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated atta...
NVD CVE-2018-25404 7d ago
HIGH
CVE-2018-25403 (CVSS 8.2) — The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated atta...
NVD CVE-2018-25403 7d ago
HIGH
CVE-2018-25402 (CVSS 8.2) — The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated atta...
NVD CVE-2018-25402 7d ago
HIGH
CVE-2018-25401 (CVSS 8.2) — The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated atta...
NVD CVE-2018-25401 7d ago
HIGH
CVE-2018-25400 (CVSS 8.2) — The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated atta...
NVD CVE-2018-25400 7d ago
HIGH
CVE-2018-25399 (CVSS 8.2) — The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated atta...
NVD CVE-2018-25399 7d ago
HIGH
CVE-2018-25398 (CVSS 8.2) — The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated atta...
NVD CVE-2018-25398 7d ago
HIGH
CVE-2018-25396 (CVSS 7.5) — Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthentic...
NVD CVE-2018-25396 7d ago
HIGH
CVE-2018-25395 (CVSS 8.2) — Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to ...
NVD CVE-2018-25395 7d ago
HIGH
CVE-2018-25394 (CVSS 8.2) — Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to ...
NVD CVE-2018-25394 7d ago
HIGH
CVE-2018-25392 (CVSS 7.1) — MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users t...
NVD CVE-2018-25392 7d ago
HIGH
CVE-2018-25391 (CVSS 7.5) — HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticat...
NVD CVE-2018-25391 7d ago
HIGH
CVE-2018-25390 (CVSS 8.2) — HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipu...
NVD CVE-2018-25390 7d ago
HIGH
CVE-2018-25389 (CVSS 8.2) — HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipu...
NVD CVE-2018-25389 7d ago
HIGH
CVE-2018-25388 (CVSS 8.8) — HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to ...
NVD CVE-2018-25388 7d ago
HIGH
CVE-2018-25386 (CVSS 8.2) — HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers...
NVD CVE-2018-25386 7d ago
TL;DR
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extract sensitive database information including usernames, database names, and version details.
CVE-2018-25416