|
331
|
9.8 |
CRITICAL
Network
|
-
|
-
|
PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie paramete…
New
|
CWE-352
Origin Validation Error
|
CVE-2019-25729
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
332
|
8.2 |
HIGH
Network
|
-
|
-
|
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can s…
New
|
CWE-89
SQL Injection
|
CVE-2019-25730
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
333
|
7.2 |
HIGH
Network
|
-
|
-
|
Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje…
New
|
CWE-79
Cross-site Scripting
|
CVE-2019-25731
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
334
|
8.2 |
HIGH
Network
|
-
|
-
|
PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers…
New
|
CWE-89
SQL Injection
|
CVE-2019-25732
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
335
|
8.4 |
HIGH
Local
|
-
|
-
|
NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-25733
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
336
|
4.0 |
MEDIUM
Local
|
-
|
-
|
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanit…
New
|
CWE-22
Path Traversal
|
CVE-2019-25734
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
337
|
8.4 |
HIGH
Local
|
-
|
-
|
AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Att…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-25735
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
338
|
8.4 |
HIGH
Local
|
-
|
-
|
LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-25736
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
339
|
7.2 |
HIGH
Network
|
-
|
-
|
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay…
New
|
CWE-79
Cross-site Scripting
|
CVE-2019-25737
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
340
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option actio…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-25738
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
