|
2491
|
6.1 |
MEDIUM
Network
|
-
|
-
|
userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the ba…
|
CWE-79
Cross-site Scripting
|
CVE-2018-25349
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2492
|
9.8 |
CRITICAL
Network
|
-
|
-
|
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. At…
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2018-25350
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2493
|
7.1 |
HIGH
Network
|
-
|
-
|
WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code th…
|
CWE-89
SQL Injection
|
CVE-2018-25352
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2494
|
8.8 |
HIGH
Network
|
-
|
-
|
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accou…
|
CWE-863
Incorrect Authorization
|
CVE-2018-25353
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2495
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pag…
|
CWE-352
Origin Validation Error
|
CVE-2018-25354
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2496
|
8.4 |
HIGH
Local
|
-
|
-
|
Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious …
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25355
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2497
|
8.4 |
HIGH
Local
|
-
|
-
|
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can tri…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25356
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2498
|
8.7 |
HIGH
Network
|
-
|
-
|
NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Req…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41147
|
2026-05-27 04:37 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2499
|
- |
|
-
|
-
|
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS …
|
CWE-94
Code Injection
|
CVE-2026-41148
|
2026-05-27 04:37 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2500
|
- |
|
-
|
-
|
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML …
|
CWE-94
Code Injection
|
CVE-2026-41149
|
2026-05-27 04:37 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
