|
2881
|
7.1 |
HIGH
Network
|
-
|
-
|
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_f…
|
CWE-89
SQL Injection
|
CVE-2018-25347
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2882
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attacker…
|
CWE-89
SQL Injection
|
CVE-2018-25348
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2883
|
6.1 |
MEDIUM
Network
|
-
|
-
|
userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the ba…
|
CWE-79
Cross-site Scripting
|
CVE-2018-25349
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2884
|
9.8 |
CRITICAL
Network
|
-
|
-
|
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. At…
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2018-25350
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2885
|
7.1 |
HIGH
Network
|
-
|
-
|
WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code th…
|
CWE-89
SQL Injection
|
CVE-2018-25352
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2886
|
8.8 |
HIGH
Network
|
-
|
-
|
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accou…
|
CWE-863
Incorrect Authorization
|
CVE-2018-25353
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2887
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pag…
|
CWE-352
Origin Validation Error
|
CVE-2018-25354
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2888
|
8.4 |
HIGH
Local
|
-
|
-
|
Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious …
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25355
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2889
|
8.4 |
HIGH
Local
|
-
|
-
|
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can tri…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25356
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2890
|
8.7 |
HIGH
Network
|
-
|
-
|
NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Req…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41147
|
2026-05-27 04:37 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
