|
21
|
8.4 |
HIGH
Local
|
-
|
-
|
VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craf…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25328
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTM…
New
|
CWE-352
Origin Validation Error
|
CVE-2018-25327
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
7.5 |
HIGH
Network
|
-
|
-
|
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parame…
New
|
CWE-22
Path Traversal
|
CVE-2018-25326
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
7.5 |
HIGH
Network
|
-
|
-
|
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX …
New
|
CWE-22
Path Traversal
|
CVE-2018-25325
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspat…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2018-25324
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
8.4 |
HIGH
Local
|
-
|
-
|
Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payl…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25323
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
8.4 |
HIGH
Local
|
-
|
-
|
Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2018-25322
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
4.3 |
MEDIUM
Network
|
-
|
-
|
TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attacker…
New
|
CWE-352
Origin Validation Error
|
CVE-2018-25321
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can …
New
|
CWE-94
Code Injection
|
CVE-2018-25320
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
7.1 |
HIGH
Network
|
-
|
-
|
Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Att…
New
|
CWE-89
SQL Injection
|
CVE-2018-25319
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
