|
971
|
7.5 |
HIGH
Network
|
-
|
-
|
Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can gener…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2021-47973
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
972
|
7.2 |
HIGH
Network
|
-
|
-
|
WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit PO…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47975
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
973
|
6.2 |
MEDIUM
Local
|
-
|
-
|
ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send req…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2021-47978
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
974
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but…
|
CWE-352
Origin Validation Error
|
CVE-2018-25334
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
975
|
8.2 |
HIGH
Network
|
-
|
-
|
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit th…
|
CWE-89
SQL Injection
|
CVE-2018-25338
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
976
|
8.2 |
HIGH
Network
|
-
|
-
|
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the…
|
CWE-89
SQL Injection
|
CVE-2018-25339
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
977
|
8.4 |
HIGH
Local
|
-
|
-
|
Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2018-25322
|
2026-05-19 02:29 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
978
|
8.4 |
HIGH
Local
|
-
|
-
|
Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payl…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25323
|
2026-05-19 02:29 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
979
|
9.1 |
CRITICAL
Network
|
dovecot
open-xchange
|
dovecot
|
When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP …
|
CWE-235
Improper Handling of Extra Parameters
|
CVE-2026-27851
|
2026-05-19 02:29 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
980
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Vvveb CMS com…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44366
|
2026-05-19 02:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
