|
1661
|
7.5 |
HIGH
Network
|
juniper
|
junos
|
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 pac…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-33790
|
2026-04-18 02:11 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1662
|
7.8 |
HIGH
Local
|
ether_software
|
easy_video_to_ipod_converter
|
Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-25701
|
2026-04-18 02:01 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1663
|
8.8 |
HIGH
Network
|
impresscms
|
impresscms
|
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attacke…
|
CWE-89
SQL Injection
|
CVE-2019-25703
|
2026-04-18 01:51 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1664
|
7.1 |
HIGH
Network
|
gurkanuzunca
|
newsbull
|
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and b…
|
CWE-89
SQL Injection
|
CVE-2019-25699
|
2026-04-18 01:43 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1665
|
9.8 |
CRITICAL
Network
|
victoralagwu
|
cmssite
|
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET req…
|
CWE-89
SQL Injection
|
CVE-2019-25697
|
2026-04-18 01:41 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1666
|
7.1 |
HIGH
Network
|
montala
|
resourcespace
|
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection…
|
CWE-352
CWE-89
Origin Validation Error
SQL Injection
|
CVE-2019-25693
|
2026-04-18 01:37 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1667
|
7.8 |
HIGH
Local
|
socusoft
|
html5_video_player
|
HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payl…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-25689
|
2026-04-18 01:19 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1668
|
6.1 |
MEDIUM
Network
|
dynalon
|
mdwiki
|
MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft …
|
CWE-79
Cross-site Scripting
|
CVE-2017-20239
|
2026-04-18 01:19 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1669
|
6.1 |
MEDIUM
Network
|
lollms
|
lollms
|
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack o…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1116
|
2026-04-18 01:18 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1670
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.
|
CWE-89
SQL Injection
|
CVE-2026-37749
|
2026-04-18 01:17 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
