|
11
|
8.2 |
HIGH
Network
|
-
|
-
|
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit th…
New
|
CWE-89
SQL Injection
|
CVE-2018-25338
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML fo…
New
|
CWE-352
Origin Validation Error
|
CVE-2018-25337
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HT…
New
|
CWE-352
Origin Validation Error
|
CVE-2018-25336
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint.…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2018-25335
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but…
New
|
CWE-352
Origin Validation Error
|
CVE-2018-25334
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
8.2 |
HIGH
Network
|
-
|
-
|
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …
New
|
CWE-89
SQL Injection
|
CVE-2018-25333
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
9.8 |
CRITICAL
Network
|
-
|
-
|
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file uploa…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2018-25332
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attac…
New
|
CWE-79
Cross-site Scripting
|
CVE-2018-25331
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. At…
New
|
CWE-89
SQL Injection
|
CVE-2018-25330
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attack…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2018-25329
|
2026-05-17 22:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
