Skip to main content
CVE-2018-25333 HIGH POC This Week

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2018-25339 HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25338 HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25330 HIGH POC This Week

Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi XSS Joomla Extension Ekrishta
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2018-25326 HIGH POC This Week

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP WordPress Google
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2018-25325 HIGH POC This Week

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP WordPress
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2018-25329 HIGH POC This Week

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress LFI
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2018-25323 HIGH POC This Week

Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Allok Avi Divx Mpeg To Dvd Converter
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25328 HIGH POC This Week

VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Vx Search
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25322 HIGH POC This Week

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Fast Avi Mpeg Splitter
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-8764 HIGH POC This Week

Remote buffer overflow in H3C Magic B3 routers (firmware up to 100R002) allows attackers with high privileges to corrupt memory via the UpdateWanParams function in /goform/aspForm by manipulating the param argument. Publicly available exploit code exists per VulDB disclosure, though the vendor did not respond to coordinated disclosure attempts. With CVSS 4.0 score of 7.3 and PR:H requirement, exploitation hinges on prior administrative access to the device's web interface.

Buffer Overflow Magic B3
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2018-25319 HIGH POC This Week

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-8719 HIGH This Week

Authenticated attackers can escalate privileges to Administrator in AI Engine WordPress plugin version 3.4.9 through improper authorization in the MCP OAuth bearer-token implementation. The plugin accepts any valid OAuth token for Model Context Protocol (MCP) access without verifying administrator privileges, allowing low-privileged users (Subscriber+) to execute admin-level MCP tools. No public exploit or active exploitation identified at time of analysis.

WordPress Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-46720 HIGH PATCH This Week

Metric injection in the Perl module Net::Statsd::Tiny before version 0.3.8 allows remote attackers to inject arbitrary statsd metrics by smuggling newline, colon, or pipe characters through untrusted metric names or set values. The CVSS 8.2 score reflects high integrity impact from forged telemetry, and while a vendor patch is available, no public exploit has been identified at time of analysis.

Code Injection
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy