HIGH
CVE-2018-25399 (CVSS 8.2) — The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated atta...
NVD CVE-2018-25399 7d ago
HIGH
CVE-2018-25398 (CVSS 8.2) — The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated atta...
NVD CVE-2018-25398 7d ago
HIGH
CVE-2018-25396 (CVSS 7.5) — Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthentic...
NVD CVE-2018-25396 7d ago
HIGH
CVE-2018-25395 (CVSS 8.2) — Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to ...
NVD CVE-2018-25395 7d ago
HIGH
CVE-2018-25394 (CVSS 8.2) — Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to ...
NVD CVE-2018-25394 7d ago
HIGH
CVE-2018-25392 (CVSS 7.1) — MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users t...
NVD CVE-2018-25392 7d ago
HIGH
CVE-2018-25391 (CVSS 7.5) — HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticat...
NVD CVE-2018-25391 7d ago
HIGH
CVE-2018-25390 (CVSS 8.2) — HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipu...
NVD CVE-2018-25390 7d ago
HIGH
CVE-2018-25389 (CVSS 8.2) — HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipu...
NVD CVE-2018-25389 7d ago
HIGH
CVE-2018-25388 (CVSS 8.8) — HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to ...
NVD CVE-2018-25388 7d ago
HIGH
CVE-2018-25386 (CVSS 8.2) — HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers...
NVD CVE-2018-25386 7d ago
HIGH
CVE-2018-25385 (CVSS 8.2) — E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated ...
NVD CVE-2018-25385 7d ago
HIGH
CVE-2018-25383 (CVSS 8.4) — Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing t...
NVD CVE-2018-25383 7d ago
HIGH
CVE-2018-25382 (CVSS 8.2) — Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract ...
NVD CVE-2018-25382 7d ago
HIGH
CVE-2026-10063 (CVSS 8.8) — A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the functio...
NVD CVE-2026-10063 7d ago
HIGH
CVE-2026-10062 (CVSS 8.8) — A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the...
NVD CVE-2026-10062 7d ago
HIGH
CVE-2026-44239 (CVSS 8.8) — FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJA...
NVD CVE-2026-44239 7d ago
HIGH
CVE-2026-44238 (CVSS 8.8) — FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows S...
NVD CVE-2026-44238 7d ago
HIGH
CVE-2026-44237 (CVSS 8.1) — FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation do...
NVD CVE-2026-44237 7d ago
HIGH
CVE-2026-10073 (CVSS 7.5) — DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated...
NVD CVE-2026-10073 7d ago
HIGH
CVE-2026-10072 (CVSS 7.2) — DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged re...
NVD CVE-2026-10072 7d ago
HIGH
CVE-2025-41281 (CVSS 7.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41281 7d ago
HIGH
CVE-2025-41280 (CVSS 7.8) — Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX ...
NVD CVE-2025-41280 7d ago
HIGH
CVE-2025-41279 (CVSS 7.2) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41279 7d ago
HIGH
CVE-2025-41278 (CVSS 7.8) — Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version...
NVD CVE-2025-41278 7d ago
HIGH
CVE-2025-41271 (CVSS 7.5) — Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall ...
NVD CVE-2025-41271 7d ago
HIGH
CVE-2025-41267 (CVSS 7.2) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41267 7d ago
HIGH
CVE-2025-41266 (CVSS 7.2) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41266 7d ago
HIGH
CVE-2025-41265 (CVSS 7.2) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41265 7d ago
HIGH
CVE-2026-46579 (CVSS 7.4) — A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Al...
NVD CVE-2026-46579 7d ago
HIGH
CVE-2026-42965 (CVSS 7.7) — A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vu...
NVD CVE-2026-42965 7d ago
HIGH
CVE-2026-6075 (CVSS 8.1) — The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers...
NVD CVE-2026-6075 7d ago
HIGH
CVE-2025-11262 (CVSS 7.2) — The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user...
NVD CVE-2025-11262 7d ago
HIGH
CVE-2025-11993 (CVSS 8.8) — The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object...
NVD CVE-2025-11993 7d ago
HIGH
CVE-2026-9946 (CVSS 8.3) — Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had c...
NVD CVE-2026-9946 8d ago
HIGH
CVE-2026-9940 (CVSS 8.8) — Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to ...
NVD CVE-2026-9940 8d ago
HIGH
CVE-2026-9887 (CVSS 8.8) — Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execut...
NVD CVE-2026-9887 8d ago
HIGH
CVE-2026-9877 (CVSS 8.3) — Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had c...
NVD CVE-2026-9877 8d ago
HIGH
CVE-2026-10019 (CVSS 8.8) — Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak...
NVD CVE-2026-10019 8d ago
HIGH
CVE-2026-10012 (CVSS 8.3) — Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had co...
NVD CVE-2026-10012 8d ago
HIGH
CVE-2026-10002 (CVSS 8.8) — Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to poten...
NVD CVE-2026-10002 8d ago
HIGH
CVE-2026-48116 (CVSS 7.5) — AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe...
NVD CVE-2026-48116 8d ago
HIGH
CVE-2026-44883 (CVSS 7.5) — Portainer Community Edition is a lightweight service delivery platform for containerized application...
NVD CVE-2026-44883 8d ago
HIGH
CVE-2026-44849 (CVSS 8.8) — Portainer Community Edition is a lightweight service delivery platform for containerized application...
NVD CVE-2026-44849 8d ago
HIGH
CVE-2026-44848 (CVSS 8.8) — Portainer Community Edition is a lightweight service delivery platform for containerized application...
NVD CVE-2026-44848 8d ago
HIGH
CVE-2026-39929 (CVSS 7.5) — Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-...
NVD CVE-2026-39929 8d ago
HIGH
CVE-2026-10044 (CVSS 7.5) — Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GE...
NVD CVE-2026-10044 8d ago
HIGH
CVE-2026-46837 (CVSS 8.8) — Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Securi...
NVD CVE-2026-46837 8d ago
HIGH
CVE-2026-46835 (CVSS 7.5) — Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are a...
NVD CVE-2026-46835 8d ago
HIGH
CVE-2026-46834 (CVSS 7.5) — Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are a...
NVD CVE-2026-46834 8d ago
TL;DR
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_lng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
CVE-2018-25399