CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.14)

CVE-2018-25375
High

SocuSoft iPod Photo Slideshow version 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler.

CVE-2018-25374
High

Softneta MedDream PACS Server Premium version 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.

CVE-2018-25373
High

SocuSoft DVD Photo Slideshow Professional version 8.07 contains a stack-based buffer overflow vulnerability in the registration name field, allowing local attackers to execute arbitrary code by exploiting structured exception handling.

CVE-2018-25372
High

MedDream PACS Server Premium version 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.

CVE-2018-25371
High

The mooSocial Store plugin version 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality.

CVE-2018-25368
High

Nord VPN version 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.

CVE-2018-25366
High

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortcut is created and launched.

CVE-2018-25365
High

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.

CVE-2018-25364
High

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'name' parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data.

CVE-2018-25362
High

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter.

CVE-2018-25360
High

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling.

CVE-2018-25359
High

Splinterware System Scheduler Pro version 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.

CVE-2026-9461
High

A security vulnerability has been identified in Edimax EW-7438RPn version 1.31 affecting the formRadius function in the /goform/formRadius file. Manipulation of the submit-url argument leads to stack-based buffer overflow.

CVE-2026-9460
High

A weakness has been identified in Edimax EW-7438RPn 1.31, impacting the function formAccept of the file /goform/formAccept. Manipulating the argument submit-url can lead to stack-based buffer overflow.

CVE-2026-9459
High

A security flaw has been discovered in Edimax EW-7438RPn version 1.31, affecting the function formConnectionSetting of the file /goform/formConnectionSetting. Manipulating the arguments max_Conn/timeOut results in stack-based buffer overflow.

CVE-2026-9453
High

A vulnerability was detected in FoundDream miniclawd up to version 2d65665046e2222eeea76cafc8570ed546a8c125, affecting the function in the file /src/application/skills-loader.ts of the SkillsLoader component. Manipulating the argument requires.bins results in command injection.

CVE-2026-7766
High

The Kenik Camera management Panel is vulnerable to a Path Traversal attack. An unauthenticated attacker can send a GET request with an arbitrary file path and read corresponding files located on the server.

CVE-2026-9452
High

A vulnerability has been detected in FoundDream miniclawd affecting the ExecTool.execute function in the /src/tools/exec.ts file. Manipulation of this function leads to OS command injection, which can be exploited remotely.

CVE-2026-9447
High

A vulnerability was found in Simple POS and Inventory System 1.0 that allows SQL injection through manipulation of the 'Name' argument in the /user/search.php file. The attack can be performed remotely.

CVE-2026-9443
High

A vulnerability has been detected in Edimax BR-6478AC version 1.23, affecting the function formL2TPSetup in the file /goform/formL2TPSetup. Manipulation of the argument L2TPUserName leads to buffer overflow.

PreviousPage 252 of 3336Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS