|
1071
|
8.2 |
HIGH
Network
|
-
|
-
|
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit th…
|
CWE-89
SQL Injection
|
CVE-2018-25338
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1072
|
8.2 |
HIGH
Network
|
-
|
-
|
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the…
|
CWE-89
SQL Injection
|
CVE-2018-25339
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1073
|
8.4 |
HIGH
Local
|
-
|
-
|
Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2018-25322
|
2026-05-19 02:29 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1074
|
8.4 |
HIGH
Local
|
-
|
-
|
Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payl…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25323
|
2026-05-19 02:29 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1075
|
9.1 |
CRITICAL
Network
|
dovecot
open-xchange
|
dovecot
|
When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP …
|
CWE-235
Improper Handling of Extra Parameters
|
CVE-2026-27851
|
2026-05-19 02:29 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1076
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Vvveb CMS com…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44366
|
2026-05-19 02:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1077
|
- |
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting (XSS) issue in the…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45622
|
2026-05-19 02:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1078
|
- |
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order hist…
|
CWE-89
SQL Injection
|
CVE-2026-45800
|
2026-05-19 02:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1079
|
7.5 |
HIGH
Network
|
-
|
-
|
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX …
|
CWE-22
Path Traversal
|
CVE-2018-25325
|
2026-05-19 02:28 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1080
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTM…
|
CWE-352
Origin Validation Error
|
CVE-2018-25327
|
2026-05-19 02:28 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
