|
4941
|
9.8 |
CRITICAL
Network
|
-
|
-
|
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. At…
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2018-25350
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4942
|
7.1 |
HIGH
Network
|
-
|
-
|
WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code th…
|
CWE-89
SQL Injection
|
CVE-2018-25352
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4943
|
8.8 |
HIGH
Network
|
-
|
-
|
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accou…
|
CWE-863
Incorrect Authorization
|
CVE-2018-25353
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4944
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pag…
|
CWE-352
Origin Validation Error
|
CVE-2018-25354
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4945
|
8.4 |
HIGH
Local
|
-
|
-
|
Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious …
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25355
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4946
|
8.4 |
HIGH
Local
|
-
|
-
|
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can tri…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25356
|
2026-05-27 04:37 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4947
|
8.7 |
HIGH
Network
|
-
|
-
|
NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Req…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41147
|
2026-05-27 04:37 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4948
|
- |
|
-
|
-
|
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS …
|
CWE-94
Code Injection
|
CVE-2026-41148
|
2026-05-27 04:37 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4949
|
- |
|
-
|
-
|
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML …
|
CWE-94
Code Injection
|
CVE-2026-41149
|
2026-05-27 04:37 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4950
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manip…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-9294
|
2026-05-27 04:37 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
