|
1941
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft H…
|
CWE-352
Origin Validation Error
|
CVE-2018-25343
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1942
|
8.4 |
HIGH
Local
|
-
|
-
|
10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2018-25344
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1943
|
8.4 |
HIGH
Local
|
-
|
-
|
10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25345
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1944
|
7.1 |
HIGH
Network
|
-
|
-
|
WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMa…
|
CWE-89
SQL Injection
|
CVE-2018-25346
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1945
|
7.1 |
HIGH
Network
|
-
|
-
|
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_f…
|
CWE-89
SQL Injection
|
CVE-2018-25347
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1946
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attacker…
|
CWE-89
SQL Injection
|
CVE-2018-25348
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1947
|
6.1 |
MEDIUM
Network
|
-
|
-
|
userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the ba…
|
CWE-79
Cross-site Scripting
|
CVE-2018-25349
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1948
|
9.8 |
CRITICAL
Network
|
-
|
-
|
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. At…
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2018-25350
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1949
|
7.1 |
HIGH
Network
|
-
|
-
|
WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code th…
|
CWE-89
SQL Injection
|
CVE-2018-25352
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1950
|
8.8 |
HIGH
Network
|
-
|
-
|
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accou…
|
CWE-863
Incorrect Authorization
|
CVE-2018-25353
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
