LiveActive security incident?Get immediate response
CVE archive

May 2018

Browse CVE records published in May 2018, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1309 matching CVEs · Page 2 of 27.

Medium · CVSS 5.3

CVE-2018-25343: Smartshop 1 Cross-Site Request Forgery via editprofile.php

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that execute automatically when visited by an authenticated admin user.

Published May 23, 2026 · Updated May 27, 2026

Medium · CVSS 6.1

CVE-2018-25349: userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators visit the audit log page.

Published May 23, 2026 · Updated May 27, 2026

High · CVSS 8.6

CVE-2018-25355: Audiograbber 1.83 Local Buffer Overflow via SEH

Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow, overwriting SEH pointers and executing injected shellcode with application privileges.

Published May 23, 2026 · Updated May 27, 2026

High · CVSS 7

CVE-2018-25361: Soroush IM Desktop App 0.17.0 Authentication Bypass via Database Injection

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unlock the client and access all stored data, chats, images, and files without knowing the original passcode.

Published May 25, 2026 · Updated May 27, 2026

Medium · CVSS 6.9

CVE-2018-25367: NASA openVSP 3.16.1 Denial of Service via Buffer Overflow

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can trigger a denial of service by pasting a 5000-byte payload into the name input field within the Geom browser pod addition interface.

Published May 25, 2026 · Updated May 27, 2026

High · CVSS 8.6

CVE-2018-25373: DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH

SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help > Register to trigger code execution.

Published May 25, 2026 · Updated May 27, 2026

High · CVSS 8.8

CVE-2018-25379: Collectric CMU 1.0 SQL Injection via lang Parameter

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.

Published May 25, 2026 · Updated May 27, 2026

High · CVSS 8.6

CVE-2018-25360: AgataSoft Auto PingMaster 1.5 Buffer Overflow SEH

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructions that overwrite the SEH handler pointer to achieve code execution when the file contents are pasted into the application.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.8

CVE-2018-25341: Smartshop 1 SQL Injection via product.php id Parameter

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and database names.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 7.1

CVE-2018-25347: WordPress Contact Form Maker Plugin 1.12.20 SQL Injection

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalate privileges.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 8.6

CVE-2018-25366: CuteFTP 5.0 XP Buffer Overflow via Site Manager Label Field

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortcut is created and launched.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.8

CVE-2018-25372: MedDream PACS Server Premium 6.7.1.1 SQL Injection via email

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.

Published May 25, 2026 · Updated May 26, 2026

Medium · CVSS 6.9

CVE-2018-25378: Notebook Pro 2.0 Denial of Service via Notebook Name Field

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Notebook Name field, and trigger an application crash when attempting to create and save the notebook.

Published May 25, 2026 · Updated May 26, 2026

Medium · CVSS 5.3

CVE-2018-25354: Joomla Component jomres 9.11.2 Cross-Site Request Forgery

Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to change passwords, email addresses, and profile details without user consent.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 8.8

CVE-2018-25348: Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 8.8

CVE-2018-25342: Smartshop 1 SQL Injection via search.php

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract sensitive database information including product details and system data.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 8.8

CVE-2018-25362: Twitter-Clone 1 SQL Injection via follow.php

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information including usernames, passwords, and database credentials.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.7

CVE-2018-25368: Nord VPN 6.14.31 Denial of Service via Password Field

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.7

CVE-2018-25374: Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.6

CVE-2018-25376: Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH

Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration Key fields to overwrite the SEH chain and execute shellcode for reverse shell access.

Published May 25, 2026 · Updated May 26, 2026

Medium · CVSS 6.9

CVE-2018-25370: Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting roles_function.php with parameters like rol_assign_roles, rol_approve_users, and rol_edit_user set to 1 to escalate privileges without authentication.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.8

CVE-2018-25364: Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data using error-based and union-based SQL injection techniques.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.7

CVE-2018-25358: D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 7.1

CVE-2018-25352: WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint with the ufbl_get_entry_detail_action action to extract, modify, or escalate privileges within the WordPress database.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 7.1

CVE-2018-25346: WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submit POST requests with malicious SQL payloads in the name and search_labels parameters to extract, modify, or escalate privileges within the WordPress database.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 8.8

CVE-2018-25340: Smartshop 1 SQL Injection via category.php

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data.

Published May 23, 2026 · Updated May 26, 2026

Critical · CVSS 9.8

CVE-2018-25357: Dolibarr ERP CRM 7.0.3 Remote Code Execution via install/step1.php

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 8.8

CVE-2018-25351: Joomla! Component EkRishta 2.10 SQL Injection via username

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads in the username field to extract database information including user credentials and system details.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 8.6

CVE-2018-25356: SIPp 3.6 Local Buffer Overflow via Command-line Arguments

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -log_file parameters, causing strcpy to write beyond buffer boundaries in sipp.cpp.

Published May 23, 2026 · Updated May 26, 2026

Critical · CVSS 9.8

CVE-2018-25350: userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php

userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 8.6

CVE-2018-25344: 10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with 4188 bytes of padding followed by SEH chain values and shellcode, then paste it into the registration dialog to achieve code execution with application privileges.

Published May 23, 2026 · Updated May 26, 2026

High · CVSS 8.6

CVE-2018-25359: Splinterware System Scheduler Pro 5.12 Privilege Escalation

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.

Published May 25, 2026 · Updated May 26, 2026

Medium · CVSS 5.3

CVE-2018-25363: Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from authenticated user sessions.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.7

CVE-2018-25365: PCViewer vt1000 Directory Traversal via GET Request

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 7.1

CVE-2018-25380: Joomla Component eXtroForms 2.1.5 SQL Injection via filter parameters

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.8

CVE-2018-25371: mooSocial Store Plugin 2.6 SQL Injection via product parameter

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query techniques in the product URI parameter to extract sensitive database information.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.6

CVE-2018-25377: Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the Help > Register dialog to trigger a reverse shell with system privileges.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.6

CVE-2018-25375: SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow SEH

SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and Registration Key fields to trigger a stack-based buffer overflow and execute a reverse shell payload.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 7.1

CVE-2018-25381: Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details.

Published May 25, 2026 · Updated May 26, 2026

Medium · CVSS 6.9

CVE-2018-25369: Visual Ping 0.8.0.0 Buffer Overflow Denial of Service

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigger a denial of service condition.

Published May 25, 2026 · Updated May 26, 2026

High · CVSS 8.8

CVE-2018-25353: Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the blacklist filter and execute arbitrary code.

Published May 23, 2026 · Updated May 23, 2026

High · CVSS 8.6

CVE-2018-25345: 10-Strike Network Scanner 3.0 Local Buffer Overflow SEH

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution.

Published May 23, 2026 · Updated May 23, 2026

High · CVSS 8.8 · CISA KEV

CVE-2018-4063: An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireles...

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Published May 6, 2019 · Updated May 22, 2026

Medium · CVSS 6.9

CVE-2018-25336: Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery

Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visit the attacker-controlled page.

Published May 17, 2026 · Updated May 18, 2026

High · CVSS 8.8

CVE-2018-25330: Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries.

Published May 17, 2026 · Updated May 18, 2026

Medium · CVSS 6.9

CVE-2018-25324: Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wp_abspath values to simple_fields.php to include files like /etc/passwd or inject PHP code into Apache logs for remote code execution when allow_url_include is enabled.

Published May 17, 2026 · Updated May 18, 2026

Critical · CVSS 9.8

CVE-2018-25320: ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.

Published May 17, 2026 · Updated May 18, 2026

High · CVSS 8.7

CVE-2018-25326: Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del_fl_bkp and file_name containing traversal sequences ../../wp-config.php to access sensitive configuration files.

Published May 17, 2026 · Updated May 18, 2026

Critical · CVSS 9.8

CVE-2018-25332: GitBucket 4.23.1 Unauthenticated Remote Code Execution

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint.

Published May 17, 2026 · Updated May 18, 2026

High · CVSS 8.8

CVE-2018-25338: Zechat 1.5 SQL Injection via hashtag parameter

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names.

Published May 17, 2026 · Updated May 18, 2026